I have to configure a redundant gateway with Debian boxes and I would like to get some recommendations on what the best solution is in my case. There are certain limitations in my setup, and I have to go for something sure (100% working).
I read this guide: http://www.linuxjournal.com/article/10964
and
The one thing I don't have here is a 3rd Ethernet interface. The problem is that the gateway I have to make redundant is already used in production. It is not possible to take it off even for a second. It has 2 NICs:

eth1 - internet facing
    vlan 1 - bgp peering to provider A
    vlan 2 - bgp peering to provider B (used as def route)*
    vlan 3 - bgp peering to provider C
eth0 - dmz facing
    vlan 10 - DMZ1
    vlan 11 - DMZ2
    vlan 12 - DMZ3
This original gateway does BGP peering (running bird); this is the only thing which really complicates my setup. The firewall policy itself isn't that much.
What would be the best approach to implement a redundant firewall in my case without affecting the live production environment? If possible, without changing/adding any IP address on the original gateway machine.
The only solution I can think of without reconfiguring floating IPs on the gateway (and risking losing network connectivity) is to try to configure some sort of failover on the switch. Installing another machine with the exact same network configuration (interfaces, IPs, routing table, bird settings) by itself is not an issue. Putting it online to be redundant is the problem.
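For reference, this is what the floating-IP (VRRP) approach weighed in the question looks like as a keepalived configuration; it is an added illustration, not the asker's configuration. The VLAN IDs follow the question, while the subinterface names, addresses (RFC 5737 documentation ranges), VRIDs and the bird check script path are assumptions.

```conf
# keepalived.conf - added example, not taken from the question.
global_defs {
    router_id gw-a            # assumed hostname of this box
}

# Both sides must fail over together: if the uplink side loses MASTER,
# the DMZ side follows, otherwise traffic enters one box and leaves another.
vrrp_sync_group G1 {
    group {
        V_UPLINK_B
        V_DMZ1
    }
}

# Stay MASTER only while bird is up. With no 'weight', a failing script
# puts the instance (and the whole sync group) into FAULT, which works
# with nopreempt below; a negative weight alone would not trigger failover.
vrrp_script chk_bird {
    script "/usr/local/sbin/check_bird.sh"   # assumed: exit 0 when bird has its sessions
    interval 2
    fall 2
    rise 2
}

vrrp_instance V_UPLINK_B {
    state BACKUP              # both boxes start BACKUP; nopreempt keeps the
    nopreempt                 # current MASTER so the live box is not disturbed
    interface eth1.2          # assumed subinterface for vlan 2 (provider B)
    virtual_router_id 52      # assumed VRID, must differ per segment
    priority 100              # assumed: same on both boxes, nopreempt decides
    advert_int 1
    virtual_ipaddress {
        192.0.2.10/30 dev eth1.2   # placeholder: floating next-hop towards provider B
    }
    track_script {
        chk_bird
    }
}

vrrp_instance V_DMZ1 {
    state BACKUP
    nopreempt
    interface eth0.10         # assumed subinterface for vlan 10 (DMZ1)
    virtual_router_id 60      # assumed VRID
    priority 100
    advert_int 1
    virtual_ipaddress {
        203.0.113.1/24 dev eth0.10   # placeholder: DMZ1 default gateway address
    }
}
```

The VIPs are new addresses, which is exactly the change the question wants to avoid on the live box; the remaining VLANs would each get their own instance inside the same sync group.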