3 WANs BGP Single Router HA
-
Hey all.
We currently have 3 WAN connections supplied by 3 different ISPs. We have each circuit connected to its own dedicated router. All 3 routers are running BGP sharing the same /24 network advertisement. To provide redundancy between the routers we are also running VRRP.
I would like to move to a pfSense based solution using two physical pfSense boxes in HA. All 3 circuits would be terminated to the single pfSense box and BGP would be done from within that single box. I would also like to bond the LAN side to two independent switches to reduce single points of failure.
I am thinking this should be doable. Appreciate any input on the subject.
-
Thinking about this more. How do you guys connect a single ISP handoff to 2 pfSense machines configured in HA? Currently all of my ISPs hand off a single Ethernet connection.
I am hoping my ISPs can simply enable another port on their ONT/switch which I can run to the secondary pfSense box.
-
I was thinking implementing a switch after our ONT would be a single point of failure. After some thought I realized BGP would detect the link as down and fail us over to the other circuits. So a switch after our ONT shouldn't be a big deal.
Now I just need to decide if I want to do a CARP based hardware HA or virtual HA. CARP seems to have its advantages, but it's a completely new concept for me.