BGP & CARP

Started by random1104, September 17, 2021, 04:22:28 AM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
September 19, 2021, 10:18:34 PM #15
Some content regarding VIP and carp, I didnt read your last post yet

https://github.com/opnsense/plugins/issues/2540#issuecomment-922526058
September 20, 2021, 11:40:03 AM #16
Well, that seems the way to go for a OPNsense firewall regular usecase (firewall, VPN server, etc)

Active/Active would be nice, but doesn't play nice with the other services. As a pure router I wouldn't use opnsense, just linux with frr or bird for example.
September 20, 2021, 12:33:37 PM #17
You can always just install the pkg via CLI and don't use the UI, then you have the full power, with FRR or Bird
September 20, 2021, 01:28:51 PM #18
@random1104 you can still NAT the outbound BGP connection ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
September 20, 2021, 09:57:07 PM #19
Quote from: pmhausen on September 20, 2021, 01:28:51 PM
@random1104 you can still NAT the outbound BGP connection ...

Yup, taken from the ticket:

1- Keep default of listening in all interfaces
2- Blocking undesired traffic to the base/fixed IP
3- Only allowing incomming connections to the VIP
4- Setting up outgoing NAT to the remote routers
Print
Go Up Pages 1 2
User actions