Hello,

I have started deploying OSPF in our test environment before deploying it out to the production network.

We have two Cisco ASR 1002 IOS XE routers in the middle of our Area 0 which have the Transit connections to the rest of the world etc.

And we have OpenBSD firewalls (CARP pairs etc.) located at each of our main sites (3 sites in total). Each site is connected up to the two core Cisco routers via layer 2 links via 3 interfaces on each Cisco router.

All interfaces on the Cisco routers are area 0, and the OpenBSD firewalls' external interfaces which connect up to the Ciscos are also area 0 to act as ABRs. Behind each OpenBSD pair at each of the 3 sites will be a different OSPF area.

I am struggling to work out how I should best configure ospfd.conf with regards to CARP? I have come across discussions on the Internet with people saying that if traffic is received on the back OpenBSD box and it has no connection to the LAN, it should send the traffic to the other firewall via the PFSYNC crossover link. But I cannot find any examples of how to actually achieve this?

Also, is there no way to have the CARP IP be the IP which is advertised as the neighbor, ensuring that traffic is always sent to the CARP IP instead? (I would MUCH prefer this!)

Finally I have read the man pages but I cannot see how to best use the 'demote' attribute to increase the carp demotion counter?

I have read 'Routing with OpenBSD using OpenOSPFD and OpenBGPD', but this only shows an example where the internal LAN connection is a CARP.

I have no choice but to run these as both firewalls and routers and I must have CARP for redundancy etc.

Any advice or good URLs would be greatly appreciated.
Thanks, Andy.
