Hi,
(I'm really sorry for my English, I'll do my best! :)
It seems this is a frequent question, but I want to be sure about the setup.
I read all of this thread, which was very interesting about CARP and OSPF:
http://marc.info/?l=openbsd-misc&m=125958449232344&w=4
I have a similar setup:
Two OpenBSD boxes (4.9, let's say bsd1 and bsd2) connected to:
- Network A (interconnection with other routers)
- Network B (the network behind the two OpenBSD boxes).
My OpenBSD boxes are also acting as firewalls for Network B.
On the Network B side, I have a CARP interface: the gateway for the servers on B.
Now, with OSPF, I want to tell the other routers in the interconnection
(Network A): "Access to Network B is here!" :)
If I understood correctly the thread I found on marc.info, it seems that
we don't have to set up CARP on Network A, and can let OSPF do the job for
failover.
I set this up, *and it seems to work well.*
Routers in Network A see 2 routes to Network B: bsd1 and bsd2.
For example :
First route : bsd1
Second route : bsd2
bsd1 is the CARP master on Network B.
So the incoming traffic goes to bsd1, and the servers in B use their
gateway -> bsd1.
But if I do (manually) a carpdemote on bsd1, the CARP master will
switch to bsd2, but on the OSPF side, the route will remain the same on
the routers in A.
So the incoming traffic goes into bsd1, and the servers now use bsd2 to
go out.
Isn't that a problem? In terms of firewalling, for example (keep state?
Will bsd2 allow the traffic which was initiated via bsd1? Maybe with
the help of pfsync??)
Is it possible to have something like this:
CARP on Network A, and bsd1/bsd2 announce: "next hop for Network B is
<ip_carp_on_networkA>"?
Thank you in advance, and again, sorry for the poor English I use :)
--
Mathieu
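Added example, not part of Mathieu's post and not OpenBSD project code: a POSIX shell script that renders the configuration files for the two-node setup described above into a staging directory, one tree per node, so the two trees can be diffed before being copied to /etc on each box. The interface names (em0 on Network A, em1 on Network B, em2 as a dedicated pfsync link), the addresses, the vhid and the CARP password are all assumptions. It follows the thread's advice of running no CARP on Network A and instead uses the `depend on` interface option of ospfd.conf(5): while carp1 is not MASTER on a node, that node advertises its Network B link with a metric of 65535, so the routers in A prefer whichever node currently owns the gateway and the inbound path follows a CARP failover. pfsync(4) on the dedicated link shares the state table so the other node already knows states created on the master.

```shell
#!/bin/sh
# Added example (not from the original post): stage the OpenBSD configuration
# for the bsd1/bsd2 pair described above, one tree per node.
# All interface names and addresses here are hypothetical:
#   em0 = Network A (OSPF peering with the other routers, no CARP)
#   em1 = Network B (servers; shared CARP gateway 10.2.0.1)
#   em2 = dedicated back-to-back pfsync link
set -eu

STAGE="${STAGE:-$(mktemp -d)}"
CARP_PASS="${CARP_PASS:-change-me}"   # shared CARP secret, identical on both nodes

# render_node NODE A_ADDR B_ADDR ADVSKEW
#   NODE     bsd1 | bsd2
#   A_ADDR   this node's own address on Network A (also used as the OSPF router-id)
#   B_ADDR   this node's own address on Network B
#   ADVSKEW  0 on the preferred master, higher (e.g. 100) on the backup
render_node() {
  node=$1 a_addr=$2 b_addr=$3 skew=$4
  etc="$STAGE/$node/etc"
  mkdir -p "$etc"

  # Physical interfaces (hostname.if(5) format; NONE = no explicit broadcast).
  printf 'inet %s 255.255.255.0 NONE\n' "$a_addr" > "$etc/hostname.em0"
  printf 'inet %s 255.255.255.0 NONE\n' "$b_addr" > "$etc/hostname.em1"
  printf 'up\n' > "$etc/hostname.em2"

  # CARP gateway for the servers on Network B: same vhid and password on both
  # nodes, only advskew differs.
  printf 'inet 10.2.0.1 255.255.255.0 10.2.0.255 vhid 2 pass %s carpdev em1 advskew %s\n' \
    "$CARP_PASS" "$skew" > "$etc/hostname.carp1"

  # pfsync over the dedicated link: states created on the master are pushed to
  # the backup, so return traffic arriving there matches an existing state.
  printf 'up syncdev em2\n' > "$etc/hostname.pfsync0"

  # preempt=1 also makes a demotion of one CARP interface (a manual carpdemote
  # or a link going down) fail over the whole carp group, not a single vhid.
  cat > "$etc/sysctl.conf" <<EOF
net.inet.ip.forwarding=1
net.inet.carp.preempt=1
EOF

  # ospfd: form adjacencies on em0 and announce Network B as a passive stub.
  # "depend on carp1" raises the advertised metric of em1 to 65535 whenever
  # carp1 is not MASTER, so routers in A route Network B via the CARP master.
  cat > "$etc/ospfd.conf" <<EOF
router-id $a_addr
area 0.0.0.0 {
	interface em0
	interface em1 {
		passive
		depend on carp1
	}
}
EOF

  # pf: let CARP, pfsync and OSPF through; the server rules are a skeleton only.
  cat > "$etc/pf.conf" <<'EOF'
ext_if = "em0"
int_if = "em1"
sync_if = "em2"
servers = "10.2.0.0/24"

set skip on lo
pass quick on $sync_if proto pfsync
pass quick on { $ext_if, $int_if } proto carp
pass quick on $ext_if proto ospf

block log all
pass in on $int_if inet from $servers
pass out on $ext_if inet from $servers
EOF

  cat > "$etc/rc.conf.local" <<EOF
pf=YES
ospfd_flags=""
EOF
}

# Number of files rendered for NODE (a quick sanity check before copying).
rendered_files() { ls "$STAGE/$1/etc" | wc -l | tr -d ' '; }

render_node bsd1 10.1.0.11 10.2.0.11 0
render_node bsd2 10.1.0.12 10.2.0.12 100
echo "configuration staged under $STAGE"
```

Run it once, diff `bsd1/etc` against `bsd2/etc` (only the addresses, router-id and advskew should differ), set a real CARP_PASS, then copy each tree to the matching node's /etc and reload networking, pf and ospfd. After that, a `carpdemote` on the master should move both the CARP gateway and the OSPF-learned route in Network A to the other node within one OSPF LSA refresh.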