On Fri, Oct 03, 2008 at 06:01:35PM +0200, Marco Matarazzo wrote:
> Hi Stuart,
>
> > On Fri, Oct 3, 2008 at 3:48 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> > >> You could try only having an address on the carp interfaces, not the
> > >> vlan interfaces, then use OSPF to announce to the other firewall...
> > >>
> > >
> > > I'm actually already using OSPF to announce the routes to the border routers
> > > which in turn use eBGP to the upstreams and iBGP between them. The firewalls
> > > are also using ospf between them. In the past I tried to set up the vlans
> > > without an address (it'd be very convenient too, since I'd not lose two more
> > > addresses per vlan!) but then had problems with ospf which refused to
> > > announce the routes, and always had the feeling that it was not supported.
> > > If that works, it would resolve all my problems! I'm going to experiment
> > > with it! ;)
> > >
>
> > Make sure you announce the carp interfaces, not the vlans, in ospfd.conf.
> > Something like this..
> >
> That's exactly what I'm doing now! I also got bitten by the ospfd daemon not
> adding the runtime-created interfaces, I wrote about it in August, and
> rereading the thread... you were the one who answered! ;) Will let you know
> how the reconfiguration works!
>

The problem with adding interfaces created at runtime to ospfd should be fixed in -current.

-- 
:wq Claudio