Hey guys, I have a couple of firewalling routers, running OpenBSD 4.2 + pf + carp + OpenOSPFD.

Similar to the below:

        |                |
        |.2              |.3        192.168.1.0/24
        |  .1(CARP addy) |
     -------          -------
     | fw1 |          | fw2 |
     |     |          |     |
     --------         --------
        | .2             | .3       192.168.2.0/24
        |  .1 (CARP addy) |
     --------------------------------
                  |
                  | .111
               -------
               | Host|
               |     |
               -------

Both routers run OSPF, with the following in their config:

    area 0.0.0.2 {
        interface em0
        interface carp1
        interface carp2
    }

Where em0 is the external interface. FW1 is advskewed to be master.

Now, this is all fine and works a treat. I can reach the host fine, and OSPF pays attention to the status of the CARP master / backup interfaces.

Now, I want to add a new router, next to the Host. To do that, I enable OSPF on the internal interface, by adding "interface em1" to the area 0.0.0.2 stanza above.

Suddenly, ospfd stops honouring the CARP status, and connectivity to the host becomes sporadic. I.e. inbound packets go through fw1, master, and the host attempts to default router back through the CARP address (.1). OSPF, however, announces fw2 the designated router, so packets bing over to that, where they are blocked as (I guess) state isn't replicated quickly enough.

Any ideas where I'm going wrong?

--
joe.
God, how I wish I didn't exist.