On Tue, 13 Oct 2015 22:25:37 +0200
Rama <[email protected]> wrote:

> Hello,
>
> I wonder if I am doing it correctly.
>
> I have two BGP router connections that will go on a firewall.
>
> How am I expected to configure everything to enable failover with load
> balancing?
>
> (ascii art time)
>
>
>   [BGP1]       [BGP2]
>     |             |
>     |e1           |e2
> -----------------------
> |         FW          |
> -----------------------
>           |
>           |
> -----------------------
> |         LAN         |
> -----------------------
>
>
> I have configured it with
> e1: A.B.C.2 gw:A.B.C.1
> e2: D.E.F.2 gw:D.E.F.1
>
> the default gw is A.B.C.1
>
> and followed the guide here:
> http://www.openbsd.org/papers/linuxtag06-network.pdf
>
> That's my current config :)
>
> AS 65042                --> private
> router-id A.B.C.1       --> ip on wan1
> network P.U.B.L/24      --> public lan
> neighbor A.B.C.1 {      --> bgp router1 from cogent
>         descr "ISP A"
>         remote-as 179
> }
> neighbor D.E.F.1 {      --> bgp router2 from level3
>         descr "ISP B"
>         remote-as 3549
> }
>
>
> and, everything works :D
> But what happens if e1 fails?
> I can't reach the LAN (I have NAT on P.U.B.L/24)
>
>
> Is that expected to work with some sort of failover, or do I have to do
> other steps for that?
>
> tnx, I am very much a beginner on that :)
>

You are going to need a public AS, at least two upstream providers that want
to route BGP with you, and authoritative DNS for the reverse zone.

Preferably, upstream providers will connect you to their network not via
standard /30 networks, but via /29 networks, which gives you the ability to
create a redundant setup (carp + pfsync).

Some time ago, when I was implementing this setup for the first time, I wrote
a 'works-for-me' howto:
https://www.mimar.rs/sysadmin/2013/openbsd-na-obodu-korporacijske-mreze

It is in Serbian, but I am sure some online translator can help you
understand the basics.

Regards,
-- 
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
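
Added example, not part of the original thread or of the linked howto: a sketch of why a /29 uplink allows the carp + pfsync setup described in the reply, shown for one upstream on the first of two firewalls. A /30 has only two usable addresses (provider and customer), while a /29 leaves room for the provider gateway, one physical address per firewall and a shared carp address. All addresses and AS numbers are documentation values, and the interface names (em0, em2), vhid and password placeholder are assumptions.

```conf
# Address plan for the ISP A uplink, 192.0.2.0/29 (constructed):
#   192.0.2.1  provider gateway
#   192.0.2.2  fw1 physical address on em0
#   192.0.2.3  fw2 physical address on em0
#   192.0.2.4  shared carp address, held by whichever firewall is master

# --- /etc/hostname.em0 on fw1 (fw2 uses 192.0.2.3) ---
inet 192.0.2.2 255.255.255.248

# --- /etc/hostname.carp0 on fw1 (fw2 adds "advskew 100" so it stays backup) ---
inet 192.0.2.4 255.255.255.248 192.0.2.7 vhid 1 carpdev em0 pass <CARP_PASSWORD>

# --- /etc/hostname.pfsync0 on both firewalls ---
# em2 is assumed to be a dedicated link between the two firewalls;
# it carries pf state updates so existing connections survive a failover.
up syncdev em2

# --- /etc/sysctl.conf on both firewalls ---
# Let the preferred firewall take the master role back when it returns.
net.inet.carp.preempt=1

# --- /etc/bgpd.conf on fw1 (ISP A neighbor only) ---
AS 64500                        # stands in for your public AS
router-id 192.0.2.2             # this firewall's own address
network 203.0.113.0/24          # your public prefix

neighbor 192.0.2.1 {
        descr           "ISP A"
        remote-as       64501           # stands in for the provider's AS
        local-address   192.0.2.4       # speak BGP from the shared carp address
        depend on       carp0           # session stays IDLE while carp0 is backup
}
```

The second upstream gets its own /29, carp interface and neighbor block in the same way; fw2 carries the same neighbor block with its own router-id.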

