Well, it is usually possible to configure the policy, so that should not really be an issue.
W.r.t. the routing: unfortunately it is not that simple. I need to announce the active routes (active IPsec tunnels) on BGP.
This server is running in a separate CHR from the core router, and the tunnels can be anywhere.
The trick shown above works for newly established tunnels, which is where it is most important to act quickly.
I can schedule another script that walks along the installed routes (recognizable by comment) and checks if the tunnel is still active.
It is OK when that runs only every 5 minutes or so.
Statistics: Posted by pe1chl — Mon Jan 27, 2025 9:17 pm