I'm not sure because at that point I gave up on CARP completely and just let OSPF failover to the secondary firewall if the first stops working.
-brian On Oct 1, 2013, at 10:01, Andy <a...@brandwatch.com> wrote: > On 01/10/13 14:32, Brian Hechinger wrote: >> On Tue, Oct 01, 2013 at 09:19:20AM +0100, Andy wrote: >>> Also is there no way to have the CARP IP be the IP which is advertised >>> as the neighbor ensuring that traffic is always sent to the CARP IP >>> instead (I would MUCH prefer this!). >> I spent an enormous amount of time trying to answer this same question. >> What I ended up coming up with was that the answer was definitely not. >> >> It's unfortunate and I no longer remember the exact reason why. >> >> I wish I were wrong. Using the CARP interface for OSPF would be >> wonderful. >> >> -brian > > I couldn't agree more! > > Is there a way of ensuring that the CARP master is the one which is FULL/DR, > and the CARP backup is FULL/BDR? > > At the moment I seem to have some of my CARP backup firewalls being the > Designated Router > > Cheers, Andy.