Hi misc@,

I have a pair of 5.2-current machines in a failover setup.
On both, ext-iface and int-iface are CARP'd.

This setup serves mostly as a firewall for internal machines, but also
as an OSPF router.

OSPF runs on top of GRE on top of IPSec.

I have a /29 net for external and thus the rest of the IPs not used for CARP
are aliases on the carp-iface.

isakmpd listens on one of those aliased IPs, as well as gre for the outer
tunnel. isakmpd.conf, ipsec.conf and the gre-ifaces are configured exactly the
same on both machines, except ospfd.conf, which has a different router-id.

Now the problematic part.

When failover occurs, ospfd gets unstable, e.g. what I see from
tcpdump output on the gre-iface is that the machine which should be in
stand-by state still sends OSPF-pkts, while the active machine switches
OSPF-state from INIT to EXCHG to FULL. FULL is up for several seconds and
then this process repeats. At the time of DOWN/INIT on the active machine,
the stand-by machine manages to send out OSPF-pkts. The carp iface on the
stand-by is in BACKUP state and does not change, while the active one is
MASTER (as expected).

I have three GRE tunnels and three OSPF-routers to talk to.
Two of three run quagga and the last one is ospfd on 5.2-current.
I see OSPF-pkts going out on all three gre-ifaces on the stand-by
machine, but only quagga-peers are unstable.



The question is why ospfd still sends out on the stand-by machine?
Or is something wrong with the setup I have?
Is there any other way to solve failover for OSPF on GRE? ifstated?


Below is the configuration for the MASTER machine:

---------hostname.carp2
inet 212.x.x.194 255.255.255.248 212.x.x.199 -inet6 vhid 2 advbase 1 advskew 0 carpdev vlan2 pass <password> description EXTERNAL
inet alias 212.x.x.198 255.255.255.248 NONE


-------isakmpd.conf
[General]
Listen-on=      212.x.x.198


---------hostname.gre1
tunnel 212.x.x.198 x.x.175.x
!/sbin/ifconfig gre1 inet 10.10.0.1 10.10.1.1 netmask 0xffffffff -inet6 link0 up


-----ospfd.conf

router-id 0.0.1.1

area 0.0.0.0 {

        interface trunk0 {

        }

        ##
        interface gre0

        ##
        interface gre1 { auth-type none }

        ##
        interface gre2 { auth-type none }

        ## Internal net
        interface carp1

}


Regards,
Maxim
