DutchExport
MIS
Anyone with experience with IRB bridging (+etherchannel) and active/active firewalls? My intent is to not use an additional switch between both our ISP routers, configuration will be as follows, however not sure if there might be some pitfalls (don't have equipment to test yet!):
2x Netscreen 5400's
2x Cisco ASR1002's
- ISP is connected through Etherchannel 2x1Gbit/s
- router are cross-connected to facilitate bridged network
- routed interfaces on the bridged interface for iGP
### RTR1 ###
int port-channel 1
!
bridge irb
bridge 1 protocol ieee
bridge route ip
!
int g0/0
bridge-group 1
access-group 1
!
int g0/1
bridge-group 1
access-group 1
!
int g0/2 #CROSSOVER RTR1<->RTR2
bridge-group 1
!
int g0/3 # ISP-A LINK (MULTIHOMED BGP)
!
int BVI1
ip address 192.168.1.1 255.255.255.0
### RTR2 ###
int port-channel 1
!
bridge irb
bridge 1 protocol ieee
bridge route ip
!
int g0/0
bridge-group 1
access-group 1
!
int g0/1
bridge-group 1
access-group 1
!
int g0/2 #CROSSOVER RTR1<->RTR2
bridge-group 1
!
int g0/3 # ISP-B LINK (MULTIHOMED BGP)
!
int BVI1
ip address 192.168.1.2 255.255.255.0
2x Netscreen 5400's
2x Cisco ASR1002's
- ISP is connected through Etherchannel 2x1Gbit/s
- router are cross-connected to facilitate bridged network
- routed interfaces on the bridged interface for iGP
### RTR1 ###
int port-channel 1
!
bridge irb
bridge 1 protocol ieee
bridge route ip
!
int g0/0
bridge-group 1
access-group 1
!
int g0/1
bridge-group 1
access-group 1
!
int g0/2 #CROSSOVER RTR1<->RTR2
bridge-group 1
!
int g0/3 # ISP-A LINK (MULTIHOMED BGP)
!
int BVI1
ip address 192.168.1.1 255.255.255.0
### RTR2 ###
int port-channel 1
!
bridge irb
bridge 1 protocol ieee
bridge route ip
!
int g0/0
bridge-group 1
access-group 1
!
int g0/1
bridge-group 1
access-group 1
!
int g0/2 #CROSSOVER RTR1<->RTR2
bridge-group 1
!
int g0/3 # ISP-B LINK (MULTIHOMED BGP)
!
int BVI1
ip address 192.168.1.2 255.255.255.0
