Hi,

I'm having a problem where routes that are associated with GRE tunnels are not
removed when the tunnel stops working. The tunnels are set up to run over
IPSEC transport links and there are firewall rules that prevent unencrypted
traffic from being sent out. There are three machines, each with a link from
itself to the other two machines.

When I bring down an IPSEC link, bird detects this fairly quickly. I can do a
"show ospf state all" and see the connectivity change, with the distance for
the node that is no longer directly linked to increasing.

The problem is that each of the three nodes still lists all of the networks as
reachable.

For example, on node 1 there are the following routing rules (ip route show):

    10.142.0.0/16 via 10.1.2.10 dev gre_node2
    10.143.0.0/16 via 10.1.2.14 dev gre_node3

These are set up statically in a post-up rule in the network configuration
(could this be done some other way?).

Bird shows the nodes' OSPF state as the following, even though it has detected
the link isn't working:

    external 10.142.0.0/16 metric2 10000 via 10.1.2.10
    external 10.143.0.0/16 metric2 10000 via 10.1.2.14

Should I be specifying these routes in another way, or is there a way I can
make bird remove the routes when it detects the link has gone?

Iain