> I plan to implement a redundant Internet connection using BGP on 2
> different Linux Routers. The routing daemon software I will be using is
> Zebra (zebra.org).
>
> I'm wondering if I should have my Linux firewall behind the 2 BGP routers,
> or could I keep the shorewall on both BGP routers?
You could run two firewalls, but it would be an unnecessary administrative
burden keeping them both in sync, up-to-date, monitored, etc. It's not
only much easier to manage, but if something bad gets inside, you don't
have to figure out which box it might have come through.
Of course, multiple firewalls may be required for a high-availability clustering
or fail-over scenario, but that's different than setting up two
firewalls just to accommodate different outside routes.
Ron