On 8/21/2012 4:38 AM, Tobias Crefeld wrote:
> We have another setup, especially without Cisco but with CARP and OSPF as well. Very generally speaking: "real" interfaces should get configured if they connect OSPF-enabled routers. And CARP interfaces should only get configured with the option { passive }. If they belong to the same network it might be necessary to play with metrics. In that case it's often better to leave out the CARP interfaces because the Ciscos don't need them - they have OSPF to handle load balancing or failover of the OpenBSD boxes. But OK, I understand that you prefer CARP in order to make pf keep track of open connections during failover.
Well, it seems that carp isn't actually needed for pfsync (at least not in this setup so far that I've found) to work correctly and just relying on OSPF seems to do the trick.
There is a short delay of a couple seconds while the routes update, but it's not terribly annoying (and obviously won't happen often).
Thanks!
> BTW: Using "ospfctl reload" after a change in configuration or network topology sometimes has no effect. It might be necessary to kill and restart ospfd.
Interesting and good to know.

-brian