I'm trying to implement full dynamic routing with eBGP + Full Mesh iBGP + OSPF in my current network and am having some issues. I have a 2 routers + 2 firewalls setup with no default routes on any nodes. The 2 routers are plugged into the upstream provider and are both receiving full routes in addition to a default from the provider. The 2 firewalls have a CARP address internally only for the servers and are speaking iBGP + OSPF with all other nodes. I noticed that the two firewalls do not forward their iBGP learned routes to one another. Is this intended/expected behavior? Shouldn't they each see the iBGP view from each other since I have the "announce all" directive?
I must have something set up wrong, or maybe I am asking the wrong questions? Maybe I should describe my problem. My problem is if I unplug the external link of the firewall. Outgoing traffic still hits the master CARP device since I have no corresponding CARP device on the outside to force preemption if the external link goes down. But because iBGP connections to the routers are severed and all associated routes, including the default, are lost, I essentially blackhole outbound traffic (as inbound traffic is forwarded to the secondary firewall due to the OSPF routes).

I had a "redistribute default" configured in ospfd.conf on the routers; however, I had problems with this setup as well when I unplugged the external link on the firewall, but this could have been due to my pf configuration on the firewalls. Should I re-investigate this scenario?

Also, how quickly should traffic be rerouted with OSPF if a link dies? Is this dependent on the number of routes learned from eBGP? I've noticed varying time frames when experimenting with unplugging different links. Anywhere from a few seconds to a few minutes? I'm not sure what is typical. Thanks.

