I have a pair of redundant firewalls, using carp that I have recently
upgraded from a really old version of OpenBSD (actually replaced, I built
new disks for these). I read that 4.6 would allow me to set up OSPF such
that it would advertise the shared address provided by carp. So, I have set
things up like this:
r...@phfw1:etc# cat ospfd.conf
# $OpenBSD: ospfd.conf,v 1.2 2005/02/06 20:07:09 norby Exp $
# macros
# password="secret"
# global configuration
router-id 10.209.142.154
# fib-update no
# spf-delay 1
# spf-holdtime 5
# auth-key $password
# auth-type none
# hello-interval 10
# metric 10
# retransmit-interval 5
# router-dead-time 40
# router-priority 1
# transmit-delay 1
redistribute connected
# areas
area 0.0.0.XXX {
    interface carp0 {
        auth-type none
    }
    interface carp1 {
        passive
        auth-type none
    }
}
Here is what ifconfig reports for the carp devices on the current master:
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:0a
        priority: 0
        carp: MASTER carpdev bge0 vhid 10 advbase 1 advskew 0
        groups: carp
        inet 10.209.142.154 netmask 0xffffff80 broadcast 10.209.142.255
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0x7
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        priority: 0
        carp: MASTER carpdev em0 vhid 2 advbase 1 advskew 0
        groups: carp
        inet 170.85.106.143 netmask 0xffffff80 broadcast 170.85.106.255
        inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0x8
But ospfctl show interfaces is reporting:
r...@phfw1:etc# ospfctl show interfaces
Interface   Address            State  HelloTimer Linkstate  Uptime    nc  ac
carp1       170.85.106.143/25  DOWN   -          master     00:00:00   0   0
carp0       10.209.142.154/25  DOWN   -          master     00:00:00   0   0
And the OSPF cloud indeed does not think that there is a valid route to
the 170 network, which is the "inside" net.
What am I doing wrong, here?
--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?