I have four router/firewalls that are all interconnected (each one to every other with a direct crossover link). Two of these are external-facing and have interfaces connected to the internet and our DMZ. The other two are internal-facing and have connections to our internal networks. I am already using carp to handle failover to each of these networks. The remaining issue is handling failover routes between the internal routers and external routers. I posted to the list a while ago with a few alternative approaches for this and am now experimenting with ospf. Unfortunately I am new to ospf and was unable to find any docs talking about this type of situation or even really explaining all the various options available in ospfd.conf. I have ospfd running on the machines and all the routers are talking to each other and seeing each other as evidenced by output of various ospfctl commands. My main problem is that ospf does not seem to be changing my default route for the internal routers.
*** How do I get ospf to correctly change routes (including default route)? Or is ospf a really silly way to solve this problem in the first place? ***

Here is how I have set up ospf on the internal machines:

    uplink0if="bge0"
    uplink1if="bge1"

    router-id 0.0.0.10    # .20 for other internal machine
    fib-update yes
    redistribute connected

    area 10.254.0.0 {
        interface $uplink0if {
            auth-type none
        }
        interface $uplink1if {
            auth-type none
            metric 100
        }
    }
    area 10.6.0.0 {
        interface em0 { passive }
        interface em1 { passive }
        interface em3 { passive }
    }

ospf for external machines:

    inlink0if="bge0"
    inlink1if="bge1"

    router-id 0.0.0.30    # .40 for other internal machine
    fib-update yes
    redistribute connected
    redistribute default

    area 10.254.0.0 {
        interface $inlink0if {
            auth-type none
        }
        interface $inlink1if {
            auth-type none
            metric 100
        }
    }
    area 10.6.0.0 {
        interface em0 { passive }
        interface em1 { passive }
        interface em2 { passive }
        interface em3 { passive }
    }
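
An added example, not part of the original post: a small check that parses an ospfd.conf like the one above and lists the interfaces that form OSPF adjacencies (not `passive`) while set to `auth-type none`, which are the links where routing updates are accepted without authentication. The function names are hypothetical, the sample is the internal-router config from the post, and only per-interface `auth-type` is considered (an area-level or global setting is assumed absent).

```python
import re

# Constructed input: the internal-router ospfd.conf from the post above.
SAMPLE = '''
uplink0if="bge0"
uplink1if="bge1"
router-id 0.0.0.10
fib-update yes
redistribute connected
area 10.254.0.0 {
	interface $uplink0if { auth-type none }
	interface $uplink1if {
		auth-type none
		metric 100
	}
}
area 10.6.0.0 {
	interface em0 { passive }
	interface em1 { passive }
	interface em3 { passive }
}
'''

def parse_interfaces(conf):
    """Return [(area, ifname, passive, auth_type)] (hypothetical helper)."""
    conf = re.sub(r'#.*', '', conf)  # strip comments
    macros = dict(re.findall(r'^\s*(\w+)\s*=\s*"?([^"\n]+)"?', conf, re.M))
    conf = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), conf)
    out = []
    # An area body may contain one level of nested { } (interface blocks).
    for area, body in re.findall(r'\barea\s+(\S+)\s*\{((?:[^{}]|\{[^{}]*\})*)\}', conf):
        for ifname, opts in re.findall(
                r'\binterface\s+([^\s{}]+)(?:\s*\{([^{}]*)\})?', body):
            passive = re.search(r'\bpassive\b', opts) is not None
            m = re.search(r'\bauth-type\s+(\S+)', opts)
            # ospfd.conf(5): auth-type defaults to none when not set.
            out.append((area, ifname, passive, m.group(1) if m else 'none'))
    return out

def unauthenticated_active(conf):
    """Interfaces that form adjacencies (not passive) with auth-type none."""
    return [(a, i) for a, i, passive, auth in parse_interfaces(conf)
            if not passive and auth == 'none']

if __name__ == '__main__':
    for area, ifname in unauthenticated_active(SAMPLE):
        print(f'area {area}: {ifname} accepts unauthenticated OSPF neighbors')
```

For the posted config this reports bge0 and bge1 in area 10.254.0.0; the passive em interfaces send and receive no OSPF packets, so they are not listed.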