pfSense HA with BGP


I have two pfSense Netgate 1537 firewalls; they are set up with HA (CARP). I want to use BGP to distribute routes to the rest of my network. I already run BGP in my core.

I have searched for this but have not found any good resources.

Is it possible to run BGP with CARP? If so, what is the best practice here? To use local pref to let the CARP interface in the standby look not that good?

Best regards


I would try to neighbor with the CARP IP and just make sure both FWs have the same BGP config. Whichever FW is active will then be the one that forms a neighborship. When the CARP IP fails over the existing neighborship breaks, but the other FW will re-establish it. This should only cause a few seconds of downtime, but should be easy to test so you have a baseline.
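
The setup suggested in the answer above, sketched in FRR syntax as an added example that is not part of the original thread. It assumes BGP on the firewalls is provided by the FRR package and that the firewall pair and the core are in different ASes; every address, AS number and name below is constructed.

```text
! ---- Both firewalls: identical config (all values constructed) ----
! 192.0.2.10      = CARP VIP on the link towards the core
! 192.0.2.1       = core router
! 198.51.100.0/24 = network behind the firewalls
!
! Filter in both directions: recent FRR releases exchange no eBGP
! routes unless a policy is attached, and an explicit allow-list
! keeps the firewalls from announcing or accepting anything else.
ip prefix-list FW-OUT seq 10 permit 198.51.100.0/24
ip prefix-list CORE-IN seq 10 permit 0.0.0.0/0 le 24
!
route-map TO-CORE permit 10
 match ip address prefix-list FW-OUT
!
route-map FROM-CORE permit 10
 match ip address prefix-list CORE-IN
!
router bgp 64512
 ! Same router-id on both nodes, so the core sees one peer identity
 bgp router-id 192.0.2.10
 neighbor 192.0.2.1 remote-as 64513
 neighbor 192.0.2.1 description core
 ! Source the session from the CARP VIP rather than the node address
 neighbor 192.0.2.1 update-source 192.0.2.10
 ! Keepalive 3 s / hold 9 s (illustrative values): bounds how long
 ! the core can hold on to a dead session after a failover
 neighbor 192.0.2.1 timers 3 9
 !
 address-family ipv4 unicast
  network 198.51.100.0/24
  neighbor 192.0.2.1 route-map TO-CORE out
  neighbor 192.0.2.1 route-map FROM-CORE in
 exit-address-family
!
! ---- Core router: one neighbor statement, pointing at the VIP ----
router bgp 64513
 neighbor 192.0.2.10 remote-as 64512
 neighbor 192.0.2.10 description pfsense-carp-vip
 neighbor 192.0.2.10 timers 3 9
```

To get the baseline the answer mentions, watch the session with `show bgp summary` on the core while forcing a CARP failover and note how long the peer stays out of the Established state.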