Netgate Discussion Forum

    3 WAN's BGP Single Router HA

      adambmedent

      Hey all.

      We currently have 3 WAN connections supplied by 3 different ISPs. We have each circuit connected to its own dedicated router. All 3 routers are running BGP sharing the same /24 network advertisement. To provide redundancy between the routers we are also running VRRP.

      I would like to move to a pfSense-based solution using two physical pfSense boxes in HA. All 3 circuits would be terminated to the single pfSense box and BGP would be done from within that single box. I would also like to bond the LAN side to two independent switches to reduce single points of failure.

      I am thinking this should be doable.  Appreciate any input on the subject.

        adambmedent

        Thinking about this more. How do you guys connect a single ISP handoff to 2 pfSense machines configured in HA? Currently all of my ISPs hand off a single Ethernet connection.

        I am hoping my ISPs can simply enable another port on their ONT/switch which I can run to the secondary pfSense box.

          adambmedent

          @adambmedent:

          Thinking about this more. How do you guys connect a single ISP handoff to 2 pfSense machines configured in HA? Currently all of my ISPs hand off a single Ethernet connection.

          I am hoping my ISPs can simply enable another port on their ONT/switch which I can run to the secondary pfSense box.

          I was thinking implementing a switch after our ONT would be a single point of failure.  After some thought I realized BGP would detect the link as down and fail us over to the other circuits.  So a switch after our ONT shouldn't be a big deal.

          Now I just need to decide if I want to do a CARP-based hardware HA or virtual HA. CARP seems to have its advantages, but it's a completely new concept for me.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.