BGP Mesh and CARP
-
Hi folks,
I have a setup where I have 6 facilities, all interconnected with MPLS on the backend, and OpenVPN for failover protection on the front end. I can route traffic through the VPN connections if the MPLS is disrupted, and vice versa.
I am running BGP on all pfSense nodes in a full mesh topology. So, all nodes are connected via MPLS (where possible) and via nailed-up OpenVPN individually to every other node. BGP is working nicely in this setup, and failover is transparent and smooth, with re-convergence times in the sub-2-minute range.
However, I would now like to use CARP :) If I have a VIP as the neighbor IP, that doesn't prevent the secondary from connecting and announcing itself to that same IP, since it is on the same subnet as the CARP IP.
Can I run this disconnected? What I mean is.. could I run the CARP IP and interface IPs with separate IP subnets, or does the CARP IP have to be on the same subnet as the interface IP?
I'll try this out to see what happens, but I was wondering if this was somehow unwise…
-
Okie.. no dice.. as intended I am sure :) CARP must be on the same subnet.
I briefly toyed with the idea of supernetting.. but then I realized.. couldn't I use firewall rules to block BGP to any IP except from the CARP IPs?
I'll check this out next.
stay tuned! And please chime in with observations, criticisms, or anything else :)
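One way to express the idea from the second post in raw pf syntax, so that TCP/179 is accepted only between CARP VIPs and a secondary node peering from its own interface address is dropped. This is an added illustration, not the poster's configuration or the rules pfSense generates from its GUI; the interface name and addresses are constructed placeholders.

```pf
# Constructed placeholders: transit interface and addresses are examples only.
mpls_if        = "igb1"
my_carp_vip    = "10.10.1.1"                   # this site's shared CARP address
peer_carp_vips = "{ 10.10.2.1, 10.10.3.1 }"    # CARP VIPs of the other sites
bgp_port       = "179"

# Weak: any host on the transit subnet may open a BGP session, so a
# secondary node can peer from its interface IP even though it does not
# hold the VIP.
# pass in on $mpls_if proto tcp to port $bgp_port keep state

# Corrected: only sessions from a peer site's VIP to our VIP are accepted.
pass in quick on $mpls_if proto tcp from $peer_carp_vips \
    to $my_carp_vip port $bgp_port keep state

# Everything else aimed at BGP on this interface is logged and dropped,
# which makes a member node peering from its own address visible in the
# firewall log instead of silently succeeding.
block in log quick on $mpls_if proto tcp to port $bgp_port

# Sessions this node opens must also leave from the VIP; a BGP daemon
# sources from the interface address by default unless told to use the VIP.
block out log quick on $mpls_if proto tcp from ! $my_carp_vip to port $bgp_port
```

Because the CARP VIP is only active on the current master, the secondary has no permitted source address and its session attempts show up as blocked TCP/179 entries in the firewall log.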