On 02/10/13 12:31, Stuart Henderson wrote:
> On 2013/10/02 12:26, Andy wrote:
>> "No, but does it matter anyway?" - Good point.. What I should have
>> really asked is how can I ensure that the route with the lowest
>> metric/cost is the one pointing to the master..
> ospfd does that anyway (and DR/BDR are only ospf roles determining
> who synchronizes with other routers, it doesn't affect which is preferred
> for routing)

Hi,

I've been working on this for a couple days now since your reply and I'm not finding this is the case. All the routes are being announced with the same cost from both the master and the slave and so the master is not being preferred :(

I'm probably doing something wrong..

I'm running 5.3 at the moment, and as per page 11 in 'Routing with OpenBSD using OpenOSPFD and OpenBGPD' which reads:

"redistribute connected" got replaced with a "interface carp0". This ensures that the announced network depends on the interface state of carp0. It is not recommended to use "redistribute connected" with carp(4) because the connected route is attached to the parent interface and so depends on the link state of that interface and not of the carp(4) one.

I have two ABR OpenBSD firewalls connected to two Cisco routers via a layer 2 link connecting all 4 devices to each other. I have other networks/OpenBSD firewalls (which also all show the same problem) also connecting up to the Cisco's but to keep it short and sweet I'll omit those unless interested and stick to the one example below.

/etc/ospfd.conf;

password="password"
router-id 10.0.10.5
fast-hello-interval msec 200
router-dead-time minimal
router-priority 1
rfc1583compat no
auth-type crypt
auth-md 1 $password
auth-md-keyid 1

area 0.0.0.0 {
        # Main VPLS Link to Cisco 1 and Cisco 2
        interface vlan900 { metric 100 }
        # Announce via CARP Master
        interface carp0
        # Crossover link between firewalls
        interface em3 { metric 110 }
        # CARP Preempt
        demote carp
}
area 0.0.0.1 {
        # Main LAN Link 10.0.10.0/24
        interface em1 { metric 100 }
        # Announce via CARP Master
        interface carp1
}

The same file is on the backup firewall but with a different router-id.

However on the Cisco routers I see routes for all the networks via both of the firewalls with the same cost/metric :(

thor#show ip ospf route
.
(omitted for brevity)
Inter-area Route List
*> 10.0.10.0/24, Inter, cost 101, area 0
     via 185.25.30.22, GigabitEthernet0/0/1.900
     via 185.25.30.21, GigabitEthernet0/0/1.900
*> 10.0.13.0/24, Inter, cost 101, area 0
     via 185.25.31.156, GigabitEthernet0/0/2
     via 185.25.31.157, GigabitEthernet0/0/2
*> 10.1.10.0/24, Inter, cost 101, area 0
     via 185.25.31.157, GigabitEthernet0/0/2
     via 185.25.31.156, GigabitEthernet0/0/2

I'm also confused by the output of ospfctl show interface;

[LIVE]root@ne1301test:~# ospfctl show inter
Interface   Address            State  HelloTimer Linkstate  Uptime    nc  ac
carp1       10.0.10.4/24       DOWN   -          master     00:00:00   0   0
em1         10.0.10.5/24       DR     00:00:00   unknown    00:18:22   1   1
em3         192.168.0.252/24   DR     00:00:00   unknown    00:18:22   1   1
carp0       185.25.30.20/24    DOWN   -          master     00:00:00   0   0
vlan900     185.25.30.21/24    DR     00:00:00   unknown    00:18:22   3   3

I don't understand why the 'State' is 'DOWN' on both the CARP master and backup firewalls, even though the linkstate shows 'master' and 'backup' correctly.

So both the CARP master and the backup are announcing (wasn't expecting this in 5.3). I was expecting the backup to either stay silent, or to announce with a higher metric so the master is preferred.

Have I got the wrong end of the stick? ;)

Cheers, Andy.

>> ""Reinstate ospfd(8) code to announce routes to backup carp
>> interfaces, so that a specific route is maintained during failover."
>> ..which I think means it actually will announce it when being carp
>> slave, but with a higher cost/metric/whateveritsname."
>>
>> !! This would be amazing and exactly what I'm after :) (assuming that
>> the carp backup announces with a higher cost..)
> before this fix (which you could easily backport to 5.3 if needed)
> then only the carp master would announce the route so it still did
> pretty much what you need; this fix reinstates the code which makes
> both backup+master announce into ospf so the route doesn't dropout
> (reducing the chance of evil cloned default routes)
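
Added example, not part of the original message or of OpenOSPFD: a small check that reads a route listing like the one above and reports prefixes where the upstream router has installed anything other than the CARP master as sole next hop. The line layout of the listing is reconstructed, the function names are hypothetical, and the master address is assumed to be the vlan900 address of the host whose carp linkstate shows master.

```python
import re

# Route listing reconstructed from the message above; line layout is assumed.
SAMPLE = """\
Inter-area Route List
*> 10.0.10.0/24, Inter, cost 101, area 0
     via 185.25.30.22, GigabitEthernet0/0/1.900
     via 185.25.30.21, GigabitEthernet0/0/1.900
*> 10.0.13.0/24, Inter, cost 101, area 0
     via 185.25.31.156, GigabitEthernet0/0/2
     via 185.25.31.157, GigabitEthernet0/0/2
*> 10.1.10.0/24, Inter, cost 101, area 0
     via 185.25.31.157, GigabitEthernet0/0/2
     via 185.25.31.156, GigabitEthernet0/0/2
"""

ROUTE_RE = re.compile(r"^\*>\s+(\S+),\s+\w+,\s+cost\s+(\d+),")
VIA_RE = re.compile(r"^\s*via\s+(\d+\.\d+\.\d+\.\d+),")

def parse_routes(text):
    """Return {prefix: (cost, [next hops])} for each selected (*>) route."""
    routes, current = {}, None
    for line in text.splitlines():
        if (m := ROUTE_RE.match(line)):
            current = m.group(1)
            routes[current] = (int(m.group(2)), [])
        elif (m := VIA_RE.match(line)) and current is not None:
            routes[current][1].append(m.group(1))
    return routes

def check_failover_pair(routes, masters):
    """masters maps prefix -> expected master; return {prefix: problem}."""
    problems = {}
    for prefix, master in masters.items():
        cost, hops = routes.get(prefix, (None, []))
        if not hops:
            problems[prefix] = "no route installed"
        elif hops != [master]:
            extra = sorted(h for h in hops if h != master)
            kind = "equal-cost with" if master in hops else "master missing, via"
            problems[prefix] = f"cost {cost}: {kind} {', '.join(extra)}"
    return problems

# Assumption: 185.25.30.21 (vlan900 on the host showing carp master) is the master.
MASTERS = {"10.0.10.0/24": "185.25.30.21"}
if __name__ == "__main__":
    print(check_failover_pair(parse_routes(SAMPLE), MASTERS))
```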