Hehe, curly one here :-)
I'm currently planning a total re-implementation of the network here to
provide as much fault tolerance as possible. That means I'm going to
need multiple upstream connections running BGP4, and multiple firewalls
that can auto-failover.
This is all made more complex because internally we're running 3
separate subnets (workstations, servers, and colocated servers), and
they all need to be kept segregated and untrusted.
I've drawn up a diagram of the proposed structure and it looks a bit
like a bowl of spaghetti:
I've tried to eliminate as many potential single points of failure as
possible, for example by using multiple switches between the routers and
the firewalls. The only part where there is no duplication is the
internal switches to the servers, mainly because in this topology it
would require another 3 ethernet cards per firewall for a scary total of
The border routers will be Debian / Zebra machines running BGP4 on the
upstream links, and something else suitable (maybe iBGP4?) on the
Firewalls will be Debian / iptables machines, masquerading for the
machines on the internal switches.
Either firewall will need to be able to detect failure of the other,
perhaps using a direct crossover cable (magenta in the diagram) and then
assume the IP and MAC addresses of the failed machine. Ditto for the
So, the reason for posting: has anyone here done anything like this, or
have alternative ideas about how it could be set up? Does my plan make
sense? Is there a way to set this up without requiring 6 ethernet cards
Did I make an enormous blunder and should now retreat back under a rock?
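As an added example, not part of the original post or anyone's reply to it: one way the firewall half of the layout above could look on a Debian / iptables box, covering both the "three segregated, untrusted subnets behind a masquerading firewall" requirement and the "detect the other firewall over a crossover link, then assume its outside address" failover idea. Every interface name, subnet, the crossover peer address and the shared outside address (a TEST-NET value) are assumed placeholders; `load_rules`, `should_take_over` and `take_over` are names chosen here. The rules deliberately contain no subnet-to-subnet ACCEPT, so segregation is the FORWARD policy rather than something that has to be remembered per rule, and attempted crossings are logged before being dropped.

```shell
#!/bin/sh
# Added example for the post's topology. All addresses, interface names and
# the shared outside address below are ASSUMED placeholders, not values from
# the post. Run as "sh fw.sh apply" on the firewall; set IPT="echo iptables"
# and IP="echo ip" to see what would be executed without touching anything.
set -eu

IPT=${IPT:-iptables}
IP=${IP:-ip}

WAN_IF=eth0                          # towards the router-side switches
WS_IF=eth1;   WS_NET=10.1.0.0/24     # workstations (assumed)
SRV_IF=eth2;  SRV_NET=10.2.0.0/24    # servers (assumed)
COLO_IF=eth3; COLO_NET=10.3.0.0/24   # colocated servers (assumed)
XOVER_IF=eth4; PEER_XOVER=192.168.255.2   # crossover heartbeat link (assumed)
VIP=203.0.113.10/24                  # shared outside address assumed on failover

load_rules() {
  $IPT -F; $IPT -t nat -F
  # Default deny in and through; the firewall itself only answers
  # established flows and the heartbeat on the crossover link.
  $IPT -P INPUT DROP; $IPT -P FORWARD DROP; $IPT -P OUTPUT ACCEPT
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A INPUT -i "$XOVER_IF" -s "$PEER_XOVER" -p icmp --icmp-type echo-request -j ACCEPT
  $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Each internal subnet may open connections towards the upstream side and
  # is masqueraded there. There is intentionally no rule between internal
  # subnets: the FORWARD DROP policy keeps them segregated.
  for pair in "$WS_IF $WS_NET" "$SRV_IF $SRV_NET" "$COLO_IF $COLO_NET"; do
    set -- $pair
    $IPT -A FORWARD -i "$1" -o "$WAN_IF" -s "$2" -m state --state NEW -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$2" -o "$WAN_IF" -j MASQUERADE
  done
  # Make attempted crossings between subnets visible in the logs.
  $IPT -A FORWARD -j LOG --log-prefix "FW-DROP: "
}

# Liveness probe of the peer firewall over the crossover link. PROBE can be
# overridden (e.g. PROBE=false) to exercise the decision logic without a peer.
PROBE=${PROBE:-"ping -c 1 -W 1 $PEER_XOVER"}
MISS_LIMIT=3

peer_alive() { $PROBE >/dev/null 2>&1; }

# Returns 0 (take over) only after MISS_LIMIT consecutive probe failures,
# so a single lost heartbeat does not flap the shared address.
should_take_over() {
  misses=0
  while [ "$misses" -lt "$MISS_LIMIT" ]; do
    if peer_alive; then return 1; fi
    misses=$((misses + 1))
  done
  return 0
}

take_over() {
  # Assume the shared outside address. The post also suggests cloning the
  # failed peer's MAC; that would be "$IP link set dev $WAN_IF address <mac>"
  # and has to happen before the address is added.
  $IP addr add "$VIP" dev "$WAN_IF"
  # Unsolicited ARP so the router-side switches learn where the VIP now lives.
  arping -U -I "$WAN_IF" -c 3 "${VIP%/*}" || true
}

if [ "${1:-}" = "apply" ]; then
  load_rules
  if should_take_over; then take_over; fi
fi
```

In practice the probe loop would run from a periodic job on the standby box, and the MASQUERADE state is not shared between the two firewalls, so existing connections are still cut on failover even though the address moves; that is the gap a conntrack-synchronising setup would close, and it is worth knowing about before relying on "auto-failover" to be transparent.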