Blason_R
Advisor

How do I achieve failover with below topology and requirement


Hi Team,

We currently have R1 and R2 routers. Both have reachability to the 10.100.0.0/16 subnet. However, the L3 switch HO does not support dynamic protocols, and I need to achieve failover or redundancy for 10.100.0.0/16 originating from 172.31.21.0/24.

Primarily, traffic is routed to 10.11.12.2 for 10.100.0.0/16 [subnet-specific route] and R1 has eBGP enabled with the remote L3. Or my default route is pointed to 10.44.44.2. We wanted to ensure, let's suppose, if my connectivity between 192.168.15.1 and 2 fails [which is an MPLS link], I have a site-to-site tunnel configured as well between R2 and the remote L3, which is through the Internet and VTI; again, those have BGP peering enabled for 10.100.0.0/16.

Any idea how I can achieve failover here? I am planning to replace R1 and R2 with Check Point 6000 devices and planning to use BGP; however, I am stuck on this failover scenario.

One possibility I was thinking about is joining R1 and R2 and configuring BGP there? Or route redistribution? Please help.


Accepted Solutions
Blason_R
Advisor

OK - I finally resolved it with a lot of R&D. However, my topology assumption was wrong, since the AS is global to a router or firewall and I was assuming a router or firewall is part of two ASes.

I had to configure eBGP between R1 and R2 and give higher weightage to the R2 path.


4 Replies
the_rock
Authority

Just to make sure I get this right: you are replacing R1 and R2 with CP devices and want to ensure that there is a failover scenario in case of any routing problems? If so, yes, BGP would make the most sense... or did I misunderstand something?

 

Cheers.

Blason_R
Advisor

This is correct. I'll be replacing those with 6600 appliances. Both are separate firewalls, managed by the same management server. I can configure eBGP going to 10.100/16 on both of those. However, I wanted to ensure redundancy for 10.100/16, as the primary path would be through R1 (Firewall1), and if that link fails, how do I automatically divert traffic through R2?

What exact changes are needed between R1 & R2 (and accordingly on Firewall1 and Firewall2)?

Blason_R
Advisor

I guess I need to configure iBGP between Firewall1 and Firewall2 and redistribute routes learned from eBGP to iBGP?
