On Mon, Oct 17, 2005 at 10:35:07AM -0400, stan wrote:
> On Mon, Oct 17, 2005 at 04:12:48PM +0159, Claudio Jeker wrote:
> > On Mon, Oct 17, 2005 at 09:39:01AM -0400, stan wrote:
> > > I'm trying to do something that should be simple with ospfd from a
> > > snapshot
> > > from last week.
> > >
> > > I have a pair of carp's firewall/gatway boxes (3.7 machines) and they
> > > connect a single subnet to the corporate network. Corporate wans to move
> > > from rip to ospf. I'v set up the following ospfd.conf file:
> > >
> > >
> > > # $OpenBSD: ospfd.conf,v 1.2 2005/02/06 20:07:09 norby Exp $
> > >
> > > # macros
> > > # password="secret"
> > >
> > > # global configuration
> > > router-id 170.85.113.111
> > > # fib-update no
> > > # spf-delay 1
> > > # spf-holdtime 5
> > >
> > > # auth-key $password
> > > # auth-type none
> > > # hello-interval 10
> > > # metric 10
> > > # retransmit-interval 5
> > > # router-dead-time 40
> > > # router-priority 1
> > > # transmit-delay 1
> > >
> > > # areas
> > > area 0.0.0.120 {
> > > interface fxp0 {
> > > auth-type none
> > > }
> > > }
> > >
> > >
> > > fxp0 is the "external" interface. The CARP interface is fxp1, and the
> > > "internal" interface is fxp2. Presently I have pf off.
> > >
> > > When I start ospfd I get the routes advertised by corporate, but they
> > > don't
> > > see my route.
> > >
> > > What am I doing wrong?
> > >
> >
> > You're not advertising any routes with this setup. "redistribute static"
> > is probably what you are looking for.
> > Another option would be to use passive interfaces like
> >
> > area 0.0.0.120 {
> > interface fxp0 {
> > auth-type none
> > }
> > interface fxp2 {
> > passive
> > }
> > interface carp0 {
> > passive
> > }
> > }
>
> Could you explain what passive means in this context, please?
>
It's in the man page:
passive
Prevent transmission and reception of OSPF packets on this inter-
face.
The interface is still considered part of OSPF and therefor a stub network
LSA is redistributed but no OSPF traffic is done on that interface. This
is nice to add some directly connected interfaces or loopbacks instead of
using redistribute connected.
--
:wq Claudio
