On Sun, 18 Jun 2017 09:52:13 +0000 (UTC) Stuart Henderson <s...@spacehopper.org> wrote:
> On 2017-06-18, Marko Cupać <marko.cu...@mimar.rs> wrote: > > Hi, > > > > I have setup similar to: > > > > R1 > > bnx0--bnx1 > > | | R3 > > LAN1---carp0 carp1----------em0--em2---LAN2 > > | | > > bnx0--bnx1 > > R2 > > > > How can I run OSPF between R3 and carped R1 and R2? I tried with gre > > tunnel from carp1 to em0 but it doesn't work well. > > > > Thank you in advance, > > Try this: > > Run ospf on bnx1 on R1/2. You will need separate IP addresses on bnx1 > for each of R1/R2, you can't just use a single address on the carp1 > interface. (iirc you want it like carp1 10.0.0.1/32, r1-bnx1 > 10.0.0.2/24, r2-bnx1 10.0.0.3/24, but it may be /24 on all of them). > > For carp0/bnx0 interfaces, run ospf passive on carp0, and the subnet's > prefix (/24 or whatever) needs to be on carp0. > Hi, thank you for looking into it. I forgot to mention crucial fact - there's no direct link between carp1 and em0 - those interfaces have public IP addresses and communicate over Internet. I guess I could create two gre tunnels - from em0 to each bnx1, and run ospf over them. Passive ospf interface carp0 would then make sure to announce LAN1 over active carp member. I could then protect gre traffic with transport mode ipsec. If someone has experience with similar setup please chime in. Best regards, -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
