On 2011-09-02, Mathieu BLANC <mathieu.bl...@smile.fr> wrote:
> I setup this, *and it seems to work well.*
> Routers in network A see 2 routes to Network B : bsd1 and bsd2.
> For example :
> First route : bsd1
> Second route : bsd2
>
> bsd1 is the master carp on network B.
> So the ingoing traffic goes to bsd1, and the servers in B use their
> gateway -> bsd1.
>
> But if I do (manually) a carpdemote on bsd1, the carp master will
> switch to bsd2, but on the ospf side, the route will remain the same on
> the routers in A.
>
> So the ingoing traffic goes into bsd1, and the servers now use bsd2 to
> go out.
> Is it not a problem? In terms of firewalling for example (keep state?
> will bsd2 authorize the traffic which is initiated by bsd1? maybe with
> the help of pfsync??)

pfsync(4) can handle this if you use 'defer', see the pfsync manpage, but this is normally only desirable for load-balancing.

In the situation you describe, the network A should send all of network B's traffic to whichever machine is currently carp master. For this setup you need to:

1. have the subnet (not a /32) configured on the carpXX interface
2. use 'interface carpXX { passive }' in ospfd.conf

If this doesn't help, please show ospfd.conf files and 'ifconfig -A' output.
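
The two steps above, written out as configuration files. This is an added example, not part of the original message. The interface names (em0 facing network A, em1 facing network B, carp1), the vhid, the documentation-range addresses and the password placeholder are all assumptions.

```conf
# /etc/hostname.carp1 on bsd1 (network B side; assumed names and addresses)
# Step 1: the carp interface carries the whole subnet (a /24 here),
# not a /32 host address.
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em1 pass <carp-password-placeholder>

# /etc/hostname.carp1 on bsd2: same address, netmask and vhid,
# with a higher advskew so that bsd1 is preferred as master.
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em1 advskew 100 pass <carp-password-placeholder>

# /etc/ospfd.conf on bsd1 (bsd2 is the same apart from its router-id)
router-id 198.51.100.1          # assumed: this router's address on network A

area 0.0.0.0 {
	# Interface facing the routers in network A: forms OSPF adjacencies.
	interface em0

	# Step 2: network B is taken from the carp interface and marked
	# passive, so no OSPF hellos are sent on it.
	interface carp1 { passive }
}
```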