3 WANs BGP Single Router HA



  • Hey all.

    We currently have 3 WAN connections supplied by 3 different ISPs. We have each circuit connected to its own dedicated router. All 3 routers are running BGP sharing the same /24 network advertisement. To provide redundancy between the routers we are also running VRRP.

    I would like to move to a pfSense-based solution using two physical pfSense boxes in HA. All 3 circuits would be terminated to the single pfSense box and BGP would be done from within that single box. I would also like to bond the LAN side to two independent switches to reduce single points of failure.

    I am thinking this should be doable.  Appreciate any input on the subject.



  • Thinking about this more. How do you guys connect a single ISP handoff to 2 pfSense machines configured in HA? Currently all of my ISPs hand off a single Ethernet connection.

    I am hoping my ISPs can simply enable another port on their ONT/switch which I can run to the secondary pfSense box.



  • @adambmedent:

    Thinking about this more. How do you guys connect a single ISP handoff to 2 pfSense machines configured in HA? Currently all of my ISPs hand off a single Ethernet connection.

    I am hoping my ISPs can simply enable another port on their ONT/switch which I can run to the secondary pfSense box.

    I was thinking implementing a switch after our ONT would be a single point of failure. After some thought I realized BGP would detect the link as down and fail us over to the other circuits. So a switch after our ONT shouldn't be a big deal.

    Now I just need to decide if I want to do a CARP-based hardware HA or virtual HA. CARP seems to have its advantages, but it's a completely new concept for me.

