Using BGP for Firewall High Availability: Design and Software Upgrades
Remember the “BGP as High Availability Protocol” article Nicola Modena wrote a few months ago? He finally found time to extend it with BGP design considerations and a description of a seamless-and-safe firewall software upgrade procedure.
Latest blog posts in BGP in Data Center Fabrics series
- BGP Unnumbered Duct Tape
- Modern IBGP Design with AddPath and ORR
- Mixed Feelings about BGP Route Reflector Cluster ID
- BGP Route Reflector Myths
- Three Dimensions of BGP Address Family Nerd Knobs
- Feedback: Recursive BGP Next Hop Resolution
- Highlights: Dynamic Negotiation of BGP Capabilities
- Building a BGP Anycast Lab
- Optimal BGP Path Selection with BGP Additional Paths
- Dynamic Negotiation of BGP Capabilities
Recent posts in the same categories
design
- EVPN Designs: EBGP Everywhere
- One-Arm Hub-and-Spoke VPN with MPLS/VPN
- EVPN Hub-and-Spoke Layer-3 VPN
- Hub-and-Spoke VPN on a Single PE-Router
- Hub-and-Spoke VPN Topology
- EVPN Designs: Scaling IBGP with Route Reflectors
firewall
- Stateful Firewall Cluster High Availability Theater
- IPv6 Security in Layer-2 Firewalls
- Worth Reading: Off-Path Firewall with Traffic Engineering
- Configuring NSX-T Firewall with a CI/CD Pipeline
- Automating NSX-T Firewall Configuration
- Considerations for Host-based Firewalls (Part 2)