On 2013/03/12 09:27, Claudio Jeker wrote:
> On Tue, Mar 12, 2013 at 08:10:12AM +0000, Stuart Henderson wrote:
> > We changed the default state from UNKNOWN to INVALID, but backup is
> > still DOWN (which probably needs to stay like that, most things do want
> > it to work like this but ospfd is a special case).
>
> Still this feels wrong -- at least for my morning mind. Why should we
> announce a stub network of a down carp interface in a RTR LSA? That box has
> no business to get the traffic and in the worst case all or some traffic
> will hit the backup box (depends on metrics). This will result in
> forwarding troubles (at least I always get into trouble when that happens).
>
> Unlike passive interfaces that get an own NET LSA and can have a different
> metric stub networks can not do that. So we need to make sure that the
> resulting routing table on other systems stays correct.
>
> This is why I tell people to add carp interfaces as "interface carpX" to
> the config.

We have this code at present,

   761  void
   762  orig_rtr_lsa(struct area *area)
   763  {
   ...
   869                  /*
   870                   * do not add a stub net LSA for interfaces that are:
   871                   *  - down
   872                   *  - have a linkstate which is down
   873                   */
   874                  if (!(iface->flags & IFF_UP) ||
   875                      !LINK_STATE_IS_UP(iface->linkstate))
   876                          continue;
   877                  log_debug("orig_rtr_lsa: stub net, "
   878                      "interface %s", iface->name);
   879
   880                  rtr_link.id =
   881                      iface->addr.s_addr & iface->mask.s_addr;
   882                  rtr_link.data = iface->mask.s_addr;
   883                  rtr_link.type = LINK_TYPE_STUB_NET;
   884
   885                  rtr_link.num_tos = 0;
   886                  /*
   887                   * backup carp interfaces are anounced with high metric
   888                   * for faster failover.
   889                   */
   890                  if (iface->media_type == IFT_CARP &&
   891                      iface->linkstate == LINK_STATE_DOWN)
   892                          rtr_link.metric = MAX_METRIC;
   893                  else
   894                          rtr_link.metric = htons(iface->metric);
   895                  num_links++;
   896                  if (ibuf_add(buf, &rtr_link, sizeof(rtr_link)))
   897                          fatalx("orig_rtr_lsa: ibuf_add failed");
   898                  continue;

ospfd regards all carp interfaces as passive, and it looks like all
the places dealing with announcing passive interfaces use orig_rtr_lsa.

886-893 were added in r1.73 ("Announce a stub network LSA for backup
carp interfaces. This should help when fail-over happens, since removing
the better route will not result in a blackhole until the update from
the new master is processed") but since the linkstate changes in r1.83,
when linkstate is down the "continue" in line 876 applies, so the
conditional in 890-892 can never be used.

So my config on firewalls is with various "interface carpXX { passive }"
and "redistribute static", I don't use "redistribute connected".

The output below is from a router connected to the firewalls: without
my diff I only get the metric 10 links, with the diff applied I also get
the metric 65535 ones.

$ ospfctl sh da rou
<snip>
LS age: 352
Options: -|-|-|-|-|-|-|-
LS Type: Router
Link State ID: xxx.9
Advertising Router: xxx.9
LS Seq Number: 0x8000cc58
Checksum: 0x27b9
Length: 312
Flags: *|*|*|*|*|-|-|-
Number of Links: 24

    Link connected to: Stub Network
    Link ID (Network ID): 10.88.15.0
    Link Data (Network Mask): 255.255.255.224
    Metric: 10

    Link connected to: Stub Network
    Link ID (Network ID): xxx.72
    Link Data (Network Mask): 255.255.255.248
    Metric: 10

    Link connected to: Stub Network
    Link ID (Network ID): xxx.128
    Link Data (Network Mask): 255.255.255.240
    Metric: 10
<snip>
LS age: 1740
Options: -|-|-|-|-|-|-|-
LS Type: Router
Link State ID: xxx.10
Advertising Router: xxx.10
LS Seq Number: 0x800075e9
Checksum: 0xf38b
Length: 312
Flags: *|*|*|*|*|-|-|-
Number of Links: 24

    Link connected to: Stub Network
    Link ID (Network ID): 10.88.15.0
    Link Data (Network Mask): 255.255.255.224
    Metric: 65535

    Link connected to: Stub Network
    Link ID (Network ID): xxx.72
    Link Data (Network Mask): 255.255.255.248
    Metric: 65535

    Link connected to: Stub Network
    Link ID (Network ID): xxx.128
    Link Data (Network Mask): 255.255.255.240
    Metric: 65535
<snip>
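
Added example, not part of the original message or of ospfd: a small C model of the check order in the quoted lines 874-894, showing that a backup carp interface (link state down) leaves at the "continue" before the MAX_METRIC branch, next to a hypothetical reordering (not the diff the message refers to) that reaches it. The struct, constants and function names are stand-ins assumed for this model.

```c
#include <stdio.h>

/* Stand-in constants for this model; not copied from the OpenBSD headers. */
enum { LS_DOWN = 2, LS_UP = 4 };
enum { MEDIA_ETHER = 1, MEDIA_CARP = 2 };
#define MODEL_IFF_UP      0x1
#define MODEL_MAX_METRIC  65535
#define STUB_SKIPPED      (-1)

struct model_iface {
	int flags, linkstate, media_type, metric;
};

static int link_is_up(int ls) { return ls >= LS_UP; }

/* Order of checks as in the quoted lines 874-894. */
int stub_metric_quoted(const struct model_iface *i)
{
	if (!(i->flags & MODEL_IFF_UP) || !link_is_up(i->linkstate))
		return STUB_SKIPPED;		/* the "continue" at 876 */
	if (i->media_type == MEDIA_CARP && i->linkstate == LS_DOWN)
		return MODEL_MAX_METRIC;	/* never reached: DOWN already left */
	return i->metric;
}

/* Hypothetical variant: backup carp is tested before the link-state skip. */
int stub_metric_carp_first(const struct model_iface *i)
{
	if (!(i->flags & MODEL_IFF_UP))
		return STUB_SKIPPED;
	if (i->media_type == MEDIA_CARP && i->linkstate == LS_DOWN)
		return MODEL_MAX_METRIC;
	if (!link_is_up(i->linkstate))
		return STUB_SKIPPED;
	return i->metric;
}

int main(void)
{
	struct model_iface t[] = {	/* constructed sample interfaces */
		{ MODEL_IFF_UP, LS_UP,   MEDIA_CARP,  10 },	/* carp master */
		{ MODEL_IFF_UP, LS_DOWN, MEDIA_CARP,  10 },	/* carp backup */
		{ MODEL_IFF_UP, LS_DOWN, MEDIA_ETHER, 10 },	/* unplugged NIC */
	};
	for (size_t n = 0; n < sizeof(t) / sizeof(t[0]); n++)
		printf("%d %d\n", stub_metric_quoted(&t[n]),
		    stub_metric_carp_first(&t[n]));
	return 0;
}
```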