Netgate Discussion Forum

    BGP with routing/monitoring question

    • Heimire

      We have 2 firewalls running CARP with BGP.
      Diverse path in the same data center.

      One circuit hits a Houston router, the other hits a Dallas router.

      Each firewall has 2 WAN interfaces with a /29 on each.

      We have a /25 that’s announced via BGP.
      One circuit is considered the primary.
      Failover to the secondary works fine if we reboot the primary or physically pull the cable.

      Monday the data center made a mistake and added a policy that pretty much blackholed the BGP traffic. The firewalls did not fail over to the second circuit.

      So how can we make that happen?

      If I set the monitoring IP to let's say 8.8.8.8 for both gateways on the firewalls then set packet loss thresholds to let's say 50% or other metric. So if the primary firewall can't ping that IP it will consider the route to be down.

      Is it correct that the firewalls will update the BGP announcement to be the secondary circuit if that happens?

      • Heimire

        Any suggestion would be helpful.

        8.8.8.8 gives us a bit of packet loss.
        Any other suggestion on something to use for monitoring?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.