One way to do this is to have both client fw/routers running in their
own right, i.e. no CARP failover.

Each router peers with one of the ISP routers via eBGP and then peers
with its partner via iBGP.

On each router use the 'weight' option to make each router believe its
learned routes are the best.

Each router will now install its best route in the kernel routing table
and, believing it has the best route, will also redistribute its routes
to the iBGP partner.

The result is that each router will have two routes to any network in its
BGP table, one via its eBGP which it regards as 'best' and another with a
higher weight via its partner router.

It's also important to tune the BGP dead timers as low as you can so
that if a link to an upstream is lost the BGP session is cleared as soon
as possible, minimizing the amount of black-holed traffic. Once the BGP
session is down the alternate route learned from the partner router will
be used to replace the failed route in the actual routing table.

To control which route is used for outbound traffic CARP can be set up on
the 'internal' interfaces. Whichever router is the master will be used
as the egress point for the network. Padding the announcement to the
secondary provider could also help with controlling incoming traffic,
although in my experience the results are mixed.

Now I've never tried it on OpenBGP but on Cisco this works like a charm.

e.g.
[ISP1]           [ISP2]
   |                |
 ebgp             ebgp
   |                |
[PRIV1]---iBGP---[PRIV2]
   |                |
   M                S
   |                |
   ---------|---------
All traffic would flow out of PRIV1 / ISP1, if PRIV1 or ISP1 failed
traffic would flow out of PRIV2 / ISP2.
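
The weight scheme described in the message above, simulated as an added example (not code from the thread or from any BGP implementation). It assumes a Cisco-style decision order in which the highest weight wins, and uses constructed AS-path lengths of 2 via ISP1 and 4 via ISP2.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    next_hop: str
    learned: str      # "ebgp" or "ibgp"
    weight: int       # local to one router, never advertised
    as_path_len: int

def rank(r):
    # Assumed Cisco-style order: highest weight, shortest AS path, eBGP over iBGP.
    return (-r.weight, r.as_path_len, r.learned != "ebgp")

class Router:
    def __init__(self, name, isp, as_path_len, ebgp_weight):
        self.name, self.isp = name, isp
        self.as_path_len, self.ebgp_weight = as_path_len, ebgp_weight
        self.ebgp_up = True     # set to False to simulate a lost upstream session
        self.partner = None

    def ebgp_routes(self):
        if not self.ebgp_up:
            return []
        return [Route(self.isp, "ebgp", self.ebgp_weight, self.as_path_len)]

def converge(routers, rounds=4):
    """Return {router name: BGP table, best route first} after iBGP exchange."""
    tables = {r.name: r.ebgp_routes() for r in routers}
    for _ in range(rounds):
        new = {}
        for r in routers:
            table = r.ebgp_routes()
            offered = tables[r.partner.name][:1]   # partner's current best, if any
            # Only a best route that was learned over eBGP is passed to the iBGP peer.
            if offered and offered[0].learned == "ebgp":
                table.append(Route(r.partner.name, "ibgp", 0, offered[0].as_path_len))
            new[r.name] = sorted(table, key=rank)
        tables = new
    return tables

def build(ebgp_weight):
    # Constructed topology: names follow the diagram, path lengths are sample values.
    a = Router("PRIV1", "ISP1", as_path_len=2, ebgp_weight=ebgp_weight)
    b = Router("PRIV2", "ISP2", as_path_len=4, ebgp_weight=ebgp_weight)
    a.partner, b.partner = b, a
    return a, b
```

With `build(0)` PRIV2 prefers the shorter path through PRIV1 and stops offering its ISP2 route, so PRIV1 is left with a single route and no backup.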
BARDOU Pierre wrote:
Hello,
Failover already works with BGP on my test conf, the problem is that BGP
only selects ONE route to a destination, so there is no load balancing.
The easiest for me would be to tell BGP to keep TWO routes to each
destination, and use them in a round-robin way.
That's what Cisco does with BGP multipath
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml#bgpmpath
But AFAIK there is no way to set this up with openBGP.
Am I right?
--
Regards,
Pierre BARDOU
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday 8 October 2008 09:05
To: BARDOU Pierre
Cc: Frans Haarman; misc@openbsd.org
Subject: Re: OpenBGP load balancing between 2 ISP (multihoming)
BARDOU Pierre wrote:
Hello,
I can load balance on the firewalls with pf, but the problem with that
solution is that there is no failover AFAIK.
If I lose a link between an ISP and me half of the packets will be lost.
And not losing packets is more important to me than load balancing...
--
Regards,
Pierre BARDOU
________________________________
From: Frans Haarman [mailto:[EMAIL PROTECTED]
Sent: Tuesday 7 October 2008 18:54
To: BARDOU Pierre
Cc: misc@openbsd.org
Subject: Re: OpenBGP load balancing between 2 ISP (multihoming)
2008/10/7 BARDOU Pierre <[EMAIL PROTECTED]>
Hello,
I am trying to set up a configuration like this:

+---------+     +---------+
|  ISP1   |     |  ISP2   |   Cisco
| ROUTER  |     | ROUTER  |
| AS3215  |     | AS12670 |
+---------+     +---------+
     |               |
     |               |
+---------+     +---------+
|   BGP   |     |   BGP   |
| ROUTER  |     | ROUTER  |   OpenBSD 4.3
| AS47818 |     | AS45818 |
+---------+     +---------+
     |               |
     |               |
+-------------------------+
|   217.109.108.240/28    |
+-------------------------+
     |               |
     |               |
+--------+        +-------+
|   FW   |--------|  FW   |   OpenBSD 4.3
| MASTER | pfsync | SLAVE |
+--------+        +-------+
     |               |
     |               |
+-------------------------+
|    PRIVATE NETWORKS     |
+-------------------------+

I'd like to load balance outgoing connections to the internet,
but I don't know how to configure openBGPd to do this.
I searched a lot on the Internet and I found a lot of information
on how to do this with Cisco, but I have never found an openBGP
solution.
Some people speak about it but I have never seen it.
I made a test conf where failover works like a charm (using iBGP on
the FW's with 'set nexthop self' on BGP routers), but when both
connections are active only one is used.
Would it be possible to help me please?
Is setting up iBGP sessions between FW's and BGP routers a good idea?
Should I rather use OSPF for this?
And in that case how to configure it to loadbalance/failover?
Many thanks
PS: loadbalancing incoming connections too would be very nice, but
I understood it was much more difficult.
--
Regards,
Pierre BARDOU
just wondering......
What happens when you load balance your
traffic on your firewalls? So you divide
the traffic over both bgp routers:
http://www.openbsd.org/faq/pf/pools.html
maybe you could even do the route-to
on the bgp routers?
something like:

    route-to { ($ext_if $ext_ISP1), ($local_if $BGP2 ) } round-robin
    from $lan_net to any keep state
    #and on the other bgp router
    route-to { ($ext_if $ext_ISP2), ($local_if $BGP1 ) } round-robin
    from $lan_net to any keep state

Beware: I have no idea if any of this is possible.
But that's what I'd try :)
Gr. FH
If you want to use fail-over capability of bgp, you can use prepend to
increase length of one path. I have no experience with configuring
openbgpd but on juniper/cisco it seems to work great.
Regards,
Marusz