Two router ha setup questions

Alessandro Brega alessandro.brega1 at gmail.com
Fri Jan 21 15:49:47 CET 2022


Hello guys,

I have two identically configured routers (bird2, only the local ip is
different), connected to one upstream and a few internal vlans. Each router
has a BGP session with the upstream router. I have a couple of small local
subnets (/27, /28, ..), which are on different vlan interfaces, which I
need to announce to upstream. They all belong to one big network (/23). As
the upstream router doesn't accept routes smaller than /24, I only announce
a single route to the /23 network. I uploaded my bird configuration
https://controlc.com/aa226135.

For completeness: for first hop redundancy (default gateway of the clients
using the small subnets) I use keepalived on my routers, which works fine
so far.

What's the problem:
As both routers announce the same network to upstream, upstream sends some
of its traffic to router1 and some to router2 (but doesn't seem balanced in
any way). This seems to cause (at least) tcp ordering issues (I suspect,
couldn't confirm it in any way), because sometimes some connections from
local client to clients behind the upstream "hang" for a couple of seconds.
If I stop bird on the backup router (so all traffic only goes to the active
one) no hangs occur.

The question:
Is my setup ok or is it (completely) broken? Is it ok to have both routers
announce the same subnets at the same time?

Possible solution I'm thinking about but don't know how to do it:
Both routers should have an active BGP session (for fast failover), but
only the router which is active (and thus has the gateway ips) should
announce the "aggregated" route (the /23). This way no traffic would go
over the backup. But I wonder how this could be configured in bird? I could
configure keepalived to not only create the gateway ips but also the small
subnets (in my current config the subnets are created by bird). Would this
make things easier for bird?

My last resort would be to have keepalived execute scripts which
reconfigure bird on failover. But somehow this feels wrong? Or is this the
way to do it?

Thank you very much for reading and any help. I'm struggling with this for
days now... :-(

Alessandro