Thanks for everyone's replies :)

We have to use CARP on the external interfaces as some of the internal
networks are RFC1918 and so NATing on the CARP etc.. Other internal
nets are routed! :-/

"No, but does it matter anyway?" - Good point.. What I should have
really asked is how can I ensure that the route with the lowest
metric/cost is the one pointing to the master..

I would rather there was a re-convergence (our CARP is stable) than
have the situation where a packet enters the backup firewall, goes to
an internal server etc, and for the server to then reply via the CARP
IP/the other firewall..

Marko; I did think of your idea too (hard-coding a higher metric or
priority integer on the backup), but I wouldn't want to make this fixed
to one physical firewall as the CARP master role does swap around
(usually during maintenance etc).

""Reinstate ospfd(8) code to announce routes to backup carp interfaces,
so that a specific route is maintained during failover." ..which I
think means it actually will announce it when being carp slave, but
with a higher cost/metric/whateveritsname."

!! This would be amazing and exactly what I'm after :) (assuming that
the carp backup announces with a higher cost..)

Thanks for your thoughts everyone, would spend a lot more time walking
around in the dark if it wasn't for people's insights on this list :)

Cheers, Andy.

On Tue 01 Oct 2013 22:42:15 BST, Stuart Henderson wrote:
> On 2013-10-01, Andy <a...@brandwatch.com> wrote:
>> Is there a way of ensuring that the CARP master is the one which is
>> FULL/DR, and the CARP backup is FULL/BDR?
>
> No, but does it matter anyway? I don't believe it affects route selection,
> and you wouldn't usually want more network instability from having a DR
> election when the devices change CARP state..