Hi folks,

I’m just having a strange issue using OpenBSD 6.6 and BGP. I have two OpenBSD firewalls with a carp configuration, let’s suppose the shared IP is 10.10.10.100, and I am able to announce 10.10.10.100/32 via BGP. Now, here is my /etc/bgpd.conf configuration:

    # define our own ASN as a macro
    ASN="65000"

    rde med compare always

    # global configuration
    AS $ASN
    router-id 172.10.10.3

    # list of networks that may be originated by our ASN
    prefix-set mynetworks { \
        10.10.10.100/32 \
    }

    # Generate routes for the networks our ASN will originate.
    # The communities (read 'tags') are later used to match on what
    # is announced to EBGP neighbors
    network prefix-set mynetworks set { community $ASN:1 med 10 }

    # upstream providers
    group "upstreams" {
        remote-as 20746
        neighbor 172.10.10.1 {
            descr "provider router 01"
        }
        neighbor 172.10.10.2 {
            descr "provider router 02"
        }
    }

    ## rules section
    allow from group upstreams prefix 0.0.0.0/0

    # IBGP: allow all updates to and from our IBGP neighbors
    allow from ibgp
    allow to ibgp

    allow to ebgp prefix-set mynetworks

The problem I’m facing is due to (I guess) a provider router misconfiguration: in fact, the routers are forwarding traffic to the carp slave and, unexpectedly, everything is working fine. The firewall is accepting connections and forwarding traffic, for example if I try to SSH:

    ~# ssh -l root 10.10.10.100
    [root@fw-02 root]# ifconfig | grep vhid
    carp: BACKUP carpdev vlan100 vhid 10 advbase 1 advskew 10

I’ve asked the provider to change the BGP configuration and everything is now set up correctly. Now, the question is:

Is the carp slave accepting and forwarding connections by design, or is it an "unintended" feature?

Thank you for your time! Keep rocking on!

Luca