On Mon, Oct 17, 2005 at 05:16:20PM +0200, Claudio Jeker wrote:
> On Mon, Oct 17, 2005 at 10:35:07AM -0400, stan wrote:
> > On Mon, Oct 17, 2005 at 04:12:48PM +0159, Claudio Jeker wrote:
> > > On Mon, Oct 17, 2005 at 09:39:01AM -0400, stan wrote:
> > > > I'm trying to do something that should be simple with ospfd from a
> > > > snapshot
> > > > from last week.
> > > >
> > > > I have a pair of carp's firewall/gatway boxes (3.7 machines) and they
> > > > connect a single subnet to the corporate network. Corporate wans to move
> > > > from rip to ospf. I'v set up the following ospfd.conf file:
> > > >
> > > >
> > > > # $OpenBSD: ospfd.conf,v 1.2 2005/02/06 20:07:09 norby Exp $
> > > >
> > > > # macros
> > > > # password="secret"
> > > >
> > > > # global configuration
> > > > router-id 170.85.113.111
> > > > # fib-update no
> > > > # spf-delay 1
> > > > # spf-holdtime 5
> > > >
> > > > # auth-key $password
> > > > # auth-type none
> > > > # hello-interval 10
> > > > # metric 10
> > > > # retransmit-interval 5
> > > > # router-dead-time 40
> > > > # router-priority 1
> > > > # transmit-delay 1
> > > >
> > > > # areas
> > > > area 0.0.0.120 {
> > > > interface fxp0 {
> > > > auth-type none
> > > > }
> > > > }
> > > >
> > > >
> > > > fxp0 is the "external" interface. The CARP interface is fxp1, and the
> > > > "internal" interface is fxp2. Presently I have pf off.
> > > >
> > > > When I start ospfd I get the routes advertised by corporate, but they
> > > > don't
> > > > see my route.
> > > >
> > > > What am I doing wrong?
> > > >
> > >
> > > You're not advertising any routes with this setup. "redistribute static"
> > > is probably what you are looking for.
> > > Another option would be to use passive interfaces like
> > >
> > > area 0.0.0.120 {
> > > interface fxp0 {
> > > auth-type none
> > > }
> > > interface fxp2 {
> > > passive
> > > }
> > > interface carp0 {
> > > passive
> > > }
> > > }
> >
> > Could you explain what passive means in this context, please?
> >
>
> It's in the man page:
> passive
> Prevent transmission and reception of OSPF packets on this inter-
> face.
>
> The interface is still considered part of OSPF and therefor a stub network
> LSA is redistributed but no OSPF traffic is done on that interface. This
> is nice to add some directly connected interfaces or loopbacks instead of
> using redistribute connected.
Thanks.
So, in my case by not listing the pfsync interface (which is fxp1) in the
ospfd.conf file at all. Neither will it be advertised, nor will traffic be
sent over it, right?
--
U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong
Terror
- New York Times 9/3/1967
