Tuning BGP Convergence in High-Availability Firewall Cluster Design
Two weeks ago Nicola Modena explained how to design BGP routing to implement resilient high-availability network services architecture. The next step to tackle was obvious: how do you fine-tune convergence times, and how does BGP convergence compare to the more traditional FHRP-based design.
The strategy I provide are the same as in the Petr article referring to BGP PIC: preparing a secondary path and minimizing the fault propagation delay. There are also other possibilities that fall into the "pe-ce link protection" category for the backbone side, that typically represents the most difficult element to optimize (this is very specific but can be the subject of a future post). However, the purpose of the article is broader because too often the only solution adopted for HA's firewall is Active/Standby with FHRP.
And yes, the solution is tested and sucessfully adopted with different vendor combinations.