topic How do I achieve failover with below topology and requirement in General Topics

How do I achieve failover with below topology and requirement

Blason_R — Thu, 05 Aug 2021 18:17:23 GMT

Hi Team,

We currently have R1 and R2 router. Both have reachability to 10.100.0.0/16 subnet. However on L3 switch HO it does not support dynamic protocols and I need to achieve failover or redundancy for 10.100.0.0/16 originating from 172.31.21.0/24

Primarily traffic is routed to 10.11.12.2 for 10.100.0.0/16 [subnet specific route] and R1 has eBGP enabled with remote L3. Or my default route is pointed to 10.44.44.2. We wanted to ensure lets suppose if my connectivity between 192.168.15.1 and 2 fails [which is a MPLS link] I have a Site-site tunnel configured as well between R2 and remote L3 which is through Internet and VTI again those have BGP peering enabled for 10.100.0.0/16

Any idea how can I achive failover here? I am planning to replace those R1 and R2 by Check Point 6000 devices and planning to use BGP however I am stuck in this failover scenario

One possibility I was thinking about joining R1 and R2 and can configure bgp there? or route redistribution? Pls help

Re: How do I achieve failover with below topology and requirement

the_rock — Thu, 05 Aug 2021 20:00:06 GMT

Just to make sure I get this right, so you are replacing R1 and R2 with CP devices and want to ensure that there is failover scenario in case of any routing problems? If so, yes, BGP would make most sense...or did I misunderstand something?

Cheers.

Re: How do I achieve failover with below topology and requirement

Blason_R — Fri, 06 Aug 2021 02:23:06 GMT

This is correct. I'll be replacing those with 6600 appliances. Both are separate firewall and being managed by same management server. I can configure the eBGP going to 10.100/16 on both of those. However wanted to ensure a redundancy for 10.100/16 as primary path would be through R1(Firewall1) and if that link fails how do I automatically divert traffic to through R2?

What exact changes needed between R1 & r2 (accordingly on Firewall1 and Firewall2)

Re: How do I achieve failover with below topology and requirement

Blason_R — Fri, 06 Aug 2021 03:20:18 GMT

I guess I need to configure iBGP between Firewall1 and 2 and redistribute routes learned from ebgp to ibgp?

Re: How do I achieve failover with below topology and requirement

Blason_R — Fri, 06 Aug 2021 04:12:10 GMT

OK - Finally I resolved with lot of R&D. However my topology assumption was wrong since AS in global to router or firewall and I was assuming router or firewall is part of Two AS.

I had to configure ebgp between R1-R2 and given higher weightage to R2 path