On Tue, Dec 22, 2020 at 02:04:27PM +0100, open...@kene.nu wrote:
> Hello,
> I am seeing what I deem to be unexpected behavior with ospfd and depending
> on carp interfaces.
> Running 6.8 with latest patches applied on all three routers.
>
> # uname -a
> OpenBSD extfw1.lab.kambi.com 6.8 GENERIC.MP#2 amd64
>
> My setup is as following;
> Two openbsd boxes (FW1 and FW2) acting as a firewall pair sharing carp
> interfaces.
> Single openbsd box (R1) that in this instance acts as a client trying to
> reach servers that are reachable via the FWs.
> VLan20 (actually carp20) is my nexthop (BGP wise) to reach any networks
> behind the FW pair.
> VLan21 is the link network between all the three boxes. The FWs share a
> carp21 interface.
>
> My FW ospfd.conf (same on all three boxes apart from the "depend on" which
> is absent from R1):
> router-id <redacted>
>
> area 0.0.0.0 {
> interface lo1
> interface vlan20 {
> depend on carp20
> }
> interface vlan21 {
> depend on carp21
> }
> }
>
> Carp20:
> root@FW1:~ # ifconfig carp20 | grep inet
> inet 172.30.9.21 netmask 0xfffffff0 broadcast 172.30.9.31
>
> Now to the strange part. I see that the selected route in R1 points to FW1
> even though carp20/21 on FW1 is in state BACKUP. No matter what I do, apart
> from setting static metrics, ospfd on R1 always selects FW1 as nexthop.
> root@FW1:~ # ifconfig vlan21 | grep inet
> inet 172.30.9.34 netmask 0xfffffff0 broadcast 172.30.9.47
> root@FW1:~ # ifconfig carp20 | grep carp:
> carp: BACKUP carpdev vlan20 vhid 1 advbase 1 advskew 10
> root@FW1:~ # ifconfig carp21 | grep carp:
> carp: BACKUP carpdev vlan21 vhid 1 advbase 1 advskew 10
>
> root@FW2:~ # ifconfig vlan21 | grep inet
> inet 172.30.9.35 netmask 0xfffffff0 broadcast 172.30.9.47
> root@FW2:~ # ifconfig carp20 | grep carp:
> carp: MASTER carpdev vlan20 vhid 1 advbase 1 advskew 100
> root@FW2:~ # ifconfig carp21 | grep carp:
> carp: MASTER carpdev vlan21 vhid 1 advbase 1 advskew 100
>
> root@R1:~ # ospfctl sh
> neighID Pri State DeadTime Address Iface
> Uptime
> 172.30.9.4 1 FULL/OTHER 00:00:38 172.30.9.35 vlan21 00:21:33
> 172.30.9.3 1 FULL/BCKUP 00:00:38 172.30.9.34 vlan21 00:22:14
>
> root@R1:~ # ospfctl sh fib | grep 172.30.9.16/2
> *O 32 172.30.9.16/28 172.30.9.34
> *O 32 172.30.9.16/28 172.30.9.35
>
> root@R1:~ # ospfctl sh rib | grep 172.30.9.16/2
> 172.30.9.16/28 172.30.9.34 Intra-Area Network 20
> 00:30:33
> 172.30.9.16/28 172.30.9.35 Intra-Area Network 20
> 00:29:56
>
> root@R1:~ # route -n get 172.30.9.21
> route to: 172.30.9.21
> destination: 172.30.9.16
> mask: 255.255.255.240
> gateway: 172.30.9.34
> interface: vlan21
> if address: 172.30.9.37
> priority: 32 (ospf)
> flags: <UP,GATEWAY,DONE,MPATH>
> use mtu expire
> 11 0 0
>
> As seen above R1 selects 172.30.9.34 as the nexthop based on ospf which is
> wrong. It should be 172.30.9.35 as FW2 is carp master for carp20/21. What I
> in the end want to achieve is that the router with carp20/21 MASTER should
> be the preferred carp20 nexthop. An assumption can be made that carp20/21
> will always have the same FW as master in my case.
Can you test if it works as expected with current?
I think you are affected by a bug fixed by dlg with this commit:
https://marc.info/?l=openbsd-cvs&m=160427701605657&w=2
