8300 in HA with dual WAN and BGP
-
Looking for a little help distilling how to accomplish this, have most of the pieces but missing how to handle the WAN side with BGP..
Currently have two WAN connections, moving to a shared range with BGP so we can use either to access the same IP range…
Intent is one per HA pair (8300) however it’s not clear from the docs how to implement with BGP and allow each to function with failover as needed.
Setting up the HA pair, having internal hosts route (everything NATed with some 1:1 mappings for hosted services) seems straightforward but lost on how to implement multi WAN with BGP
-
@padrino121
Well…pfsense with FRR package does not work with HA.6 year old request to get it to happen is ignored.
https://redmine.pfsense.org/issues/9141The only “solution” is to have your primary pfsense have both WAN links enabled and performing bgp. In the event of a failover physically move both WAN circuits. Another “solution “ would be to manually copy the the FRR configuration to the standby router…
Honestly, pfsense with dynamic routing in HA doesn’t work in its current form. -
@michmoor Thanks for the details, I can’t say we realized this when purchasing the pair of 8300 for HA..
Read HA, multiWAN, BGP feature sets and made the assumption…
Thinking outloud, could we drop the WAN links on a two VLAN switch one for each and tie the primary and secondary to it so we don’t need to physically move them?
-
@padrino121
Drop the WAN circuits on a switch will work as far as not having to physically go on site but unfortunately the FRR configuration still requires manual intervention.
8300s is expensive gear. I would follow up with sales and see if they can provide a better solution. The money you paid it’s really unacceptable that there is this level of shortcomings especially with something so basic