I am using OSPFv2 between the CERs and the firewalls. Failover works just fine; however, when I fail an OSPF link that has the active default route, ingress traffic still routes fine and dandy, but egress traffic doesn't. Both NetIrons' OSPF instances are set up to advertise themselves as the default route.
What I'm wondering is whether OSPF is the right solution for this. How do others solve this problem?
Thanks,
Bret
Man, I would have a lot of questions. The CERs are layer 2/3 switches. What is the topology, and how are you "failing" the link? Are the links to the firewalls on a VLAN with the interfaces being a VE on the CERs, or are the interfaces to the firewalls "route-only"? Is that VLAN trunked across the link between the two switches? How are you failing it over? There are lots of "failover" things you could be doing (turning off the left router, turning off the left firewall, disabling the primary port from the left router to the left firewall). When you say it doesn't work, are you saying it doesn't work if you disable the port from the left router to the left firewall, or that it doesn't work when the right firewall takes over from the left, or what? There are so many subtle configuration possibilities with these units that being given just a wiring diagram, without also seeing the config, makes it hard to help. I am guessing that the connections to the firewalls are not MCT cluster trunks, because you can't run layer 3 routing protocols with MCT (yet) on the CERs. Is it link failover or device failover that isn't working?
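As an added illustration, and not a configuration either poster has shared, the fragment below contrasts the two common ways of originating a default route in NetIron-style OSPF configuration. The interface numbers, addresses and the exact command syntax are assumptions for the sake of the example; check them against the running config and the NetIron documentation before relying on them.

```text
! --- Variant A (assumed): unconditional origination ---
! Each CER advertises itself as the OSPF default regardless of whether
! its own firewall link is up. If the left CER's firewall port drops, the
! left CER still advertises a default, so the hosts' egress traffic can be
! forwarded to a router that has nowhere to send it.
router ospf
 area 0
 default-information-originate always

! --- Variant B (assumed): conditional origination ---
! Origination is tied to the presence of a default route in the routing
! table. A static default whose next hop sits on a route-only port toward
! the firewall is removed when that port goes down, so the CER stops
! advertising a default and the other CER's default takes over for egress.
interface ethernet 1/1
 route-only
 ip address 10.0.0.2/30        ! firewall side is 10.0.0.1 (assumed)

ip route 0.0.0.0/0 10.0.0.1

router ospf
 area 0
 default-information-originate
```

Usage note: the distinction matters most for the VE-versus-route-only question raised in the reply. A VE interface stays up as long as any member port of its VLAN is up, so a static default pointing out of a VE may not be withdrawn when only the port toward the firewall fails, and variant B then behaves like variant A for that failure case. Confirming which variant is running (show ip ospf, show ip route 0.0.0.0) after pulling the firewall link is the quickest way to tell whether the egress problem is route origination rather than the firewall failover itself.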