I need to implement WAN failover with a primary circuit that has BGP advertising public IPs to devices and a secondary circuit that is a standard broadband circuit without any BGP.
Would it be possible to implement the above solution and then create a NAT Rule that will NAT the BGP /24 out a single /30 IP on the secondary broadband circuit?
Short answer to the question is yes: you can set up NAT (masquerade) on the secondary broadband circuit to handle any internal IP addresses, public or not.
The issue is that all existing sessions for downstream devices will stop working. Web browsing won’t notice so much, but meetings like Teams and Zoom will fail /require a reconnect. Likewise, when the BGP-enabled circuit is restored, the same thing will happen again in sporadic ways.
If it’s to prevent total catastrophic failure for the end-users, and they can tolerate the occasional disruptions which might happen during an extended outage like a fiber cut, then that’s no big deal. If you run into the situation that your BGP-enabled circuit starts bouncing over the course of a few minutes or hours, it will cause havoc on the network unless you manually intervene and force traffic through the backup until the primary link stabilizes.
One trick to maintain stability using the BGP-announced IP addresses is to build a VPN tunnel over the secondary link back to a point where you can announce those IP’s, either to your existing provider (if they offer that as an option), or to a second provider, presuming your IP block is a /24.
Thanks for the response. I’ll be trying to implement this soon then.
Understood on the issue it will cause for downstreams devices. This is meant to be solely a backup solution in the event of a primary outage. If there’s minor headaches when such an outage occurs, it’s better than a total outage.