Hi Stuart,
On Fri, Oct 3, 2008 at 3:48 PM, Stuart Henderson <[EMAIL PROTECTED]>wrote: > >> You could try only having an address on the carp interfaces, not the > >> vlan interfaces, then use OSPF to announce to the other firewall... > >> > > > > I'm actually already using OSPF to announce the routes to the border > routers > > which in turn use eBGP to the upstreams and iBGP between them.The > firewalls > > are also using ospf between them. In the past I tried to setup the vlans > > without an address (it'd be very convenient too, since I'd not lose two > more > > addresses per vlan!) but then had problems with ospf which refused to > > announce the routes, and always had the feeling that it was not > supported. > > If that works, it would resolve all my problems! I'm going to experiment > > with it! ;) > > > Make sure you announce the carp interfaces, not the vlans, in ospfd.conf. > Something like this.. That's exactly what I'm doing now! I also got bitten by the ospfd daemon not adding the runtime created interfaces, I wrote about it in august, and rereading the thread... you was the one who answered! ;) Will let you know how the reconfiguration works! Thanks! ]\/[arco -- I'm Winston Wolf, I solve problems.
