Greetings to all,

To start I’ll firstly lay down the foundation to what
I have done so far and if those of you on the list can provide further insight,
tips, links etc.

This scenario consists of 2 firewalls (both running Debian “etch”),
2 Cisco routers (unsure of model numbers) connected together like so in the
diagram below.

             -----------------------
             |   Uplink Provider   |
             -----------------------
                |               |
                |               |
   -------------------     --------------------
   |  Cisco Router   |     |   Cisco Router   |
   -------------------     --------------------
            |                       |
            |                       |
   -------------------     --------------------
   |   Firewall 1    |     |    Firewall 2    |
   -------------------     --------------------

Initially, the first task I was designated was to set up BGP
routing on 2 firewalls. Each firewall is connected to its own Cisco
router provided by the uplink provider and the uplink provider is only providing
a default gateway/router to each of the firewalls. Now, having had minimal
experience with BGP (minimal in terms of the broadness of what is possible with
BGP) and using the information provided by the uplink provider I have set up
BGP.

What I have been recently informed of is that the 2 firewalls
must do some sort of failover between them when either of the default gateways
is no longer responsive. I had initially looked into using heartbeat
(which I am still considering) to do the failover or possibly using vrrpd
(Virtual Router Redundancy Protocol Daemon). This however isn’t
what I am contacting this list about.

What I need to do at a minimum, at
least for the failover, is to detect when the default gateway of (say) firewall
1 is no longer available and perform failover to firewall 2 and vice versa.
As far as I am aware the only DGD support available is still through the
patches that Julian Anastasov wrote for the 2.4 kernel series or by writing a
script that uses arping to determine the last hop available.

What other options are there? I have done a fair amount of searching the internet only to
come back to these 2 possibilities. Surely there must be something else ….

Thanks in advance to anyone that replies as I know that this
topic seems to be coming up more and more frequently on the lists and must be
getting somewhat tedious for most.

Regards,
Rangi
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
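
The arping-based detection mentioned in the message, sketched as an added example that is not part of the original post: each firewall ARP-probes its next hop and only changes state after several consecutive contradicting results, so one lost reply does not cause a failover. The interface, gateway address, thresholds, hook path and the use of iputils arping are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Interface, gateway (RFC 5737
# documentation address), thresholds and hook path are assumed values.
IFACE=eth0; GATEWAY=192.0.2.1; INTERVAL=2
FAIL_MAX=3   # consecutive missed ARP replies before the next hop counts as down
RISE_MAX=2   # consecutive replies before it counts as up again
HOOK=/usr/local/sbin/gw-failover-hook   # hypothetical hand-off to heartbeat/vrrpd

# One ARP probe of the next hop (iputils arping flags); 0 only if it replied.
probe_gateway() { arping -q -c 1 -w 1 -I "$IFACE" "$GATEWAY" >/dev/null 2>&1; }

# next_state STATE STREAK RC -> prints "STATE STREAK". STREAK counts consecutive
# results that contradict STATE, so one lost reply does not trigger a failover.
next_state() {
    state=$1; streak=$2; rc=$3
    if [ "$state" = up ]; then
        if [ "$rc" -eq 0 ]; then streak=0; else streak=$((streak + 1)); fi
        if [ "$streak" -ge "$FAIL_MAX" ]; then state=down; streak=0; fi
    else
        if [ "$rc" -eq 0 ]; then streak=$((streak + 1)); else streak=0; fi
        if [ "$streak" -ge "$RISE_MAX" ]; then state=up; streak=0; fi
    fi
    echo "$state $streak"
}

# replay RC...: run constructed probe results (0 = reply, 1 = none) offline
# through the state machine and print the transitions they would cause.
replay() {
    cur=up; n=0; log=""
    for rc in "$@"; do
        new=$(next_state "$cur" "$n" "$rc")
        if [ "${new% *}" != "$cur" ]; then log="$log${log:+ }${new% *}"; fi
        cur=${new% *}; n=${new#* }
    done
    echo "${log:-none}"
}

# monitor: probe forever; log each transition and pass up|down to the hook.
monitor() {
    cur=up; n=0
    while :; do
        probe_gateway; rc=$?
        new=$(next_state "$cur" "$n" "$rc")
        if [ "${new% *}" != "$cur" ]; then
            logger -t gwwatch "next hop $GATEWAY on $IFACE is ${new% *}"
            if [ -x "$HOOK" ]; then "$HOOK" "${new% *}"; fi
        fi
        cur=${new% *}; n=${new#* }; sleep "$INTERVAL"
    done
}
if [ "${1:-}" = run ]; then monitor; fi
```

Started with the argument `run` it probes continuously (arping needs root); without it only the functions are defined, so `replay 1 1 1 0 0` can be used to check the thresholds before wiring in a real hook.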