Sunday, February 28, 2021

Re: What determines source IP of traffic from OpenBSD box ?

28 Feb 2021, 11:28 by stu@spacehopper.org:

> On 2021/02/28 11:46, Rachel Roch wrote:
>
>> Thank you all for the suggestions, I am currently testing a few of them.
>>
>> In case it makes any difference, the underlying problem I have is I have two firewalls with BGP upstreams, one acting as primary, one as standby. So the problem I am seeing is the age-old problem of asymmetric traffic to the secondary firewall, meaning pkg_add on the secondary doesn't work.
>>
>
> You can't just get two sessions from your upstreams so they can both be
> active rather than one in standby?
>

Maybe my wording is a little off.

I do have independent sessions from FW1 and FW2 to upstream routers.

The problem, I suspect, is more to do with overlapping of IP ranges being advertised to upstreams, and hence traffic never making it back to FW2 because FW1 picks it up, hence the desire to have an effective way to tell OpenBSD "send all localhost originating traffic from lo2 because the IPs on lo2 are exclusive to that host".
