I've got two OpenBSD boxes acting as my border router[s], talking BGP to
a small # (~4) of peers.

At the moment, I've got them using carp(4) on every interface, and
bgpd.conf has for each neighbor{} stanza, a "depend on carpX" line.
This works, more or less, but failover is anything but instantaneous -
at least one upstream loses my advertisements for a couple of minutes in
a failover event. Also, their default gateway points to a non-BGP
router so they have a "back door" if bgp fails completely for some
reason (e.g. typo in bgpd.conf, not sure what else), so I lose outbound
connectivity until bgpd establishes new sessions and pulls in an entire
routing table.

I think I can solve the outbound loss of connectivity during failover
simply by changing the default gateway to point at a BGP peer.

The loss of inbound would, at first glance, appear to be caused by my
peer not having soft-reconfig enabled, but they say it is enabled for
them, and it's supposed to be on by default in bgpd(8) on my side.

Any ideas/suggestions/recommendations?

For at least one peer, I can probably get them to peer with both routers
simultaneously - but a) does this add much value?, and b) would it work
at all if the "LAN" interface [so to speak] is currently not the CARP
master?

--
-Adam Thompson
[email protected]