Hello,
I am seeing what I deem to be unexpected behavior with ospfd and depending
on carp interfaces.
Running 6.8 with latest patches applied on all three routers.
# uname -a
OpenBSD extfw1.lab.kambi.com 6.8 GENERIC.MP#2 amd64
My setup is as following;
Two openbsd boxes (FW1 and FW2) acting as a firewall pair sharing carp
interfaces.
Single openbsd box (R1) that in this instance acts as a client trying to
reach servers that are reachable via the FWs.
VLan20 (actually carp20) is my nexthop (BGP wise) to reach any networks
behind the FW pair.
VLan21 is the link network between all the three boxes. The FWs share a
carp21 interface.
My FW ospfd.conf (same on all three boxes apart from the "depend on" which
is absent from R1):
router-id <redacted>
area 0.0.0.0 {
interface lo1
interface vlan20 {
depend on carp20
}
interface vlan21 {
depend on carp21
}
}
Carp20:
root@FW1:~ # ifconfig carp20 | grep inet
inet 172.30.9.21 netmask 0xfffffff0 broadcast 172.30.9.31
Now to the strange part. I see that the selected route in R1 points to FW1
even though carp20/21 on FW1 is in state BACKUP. No matter what I do, apart
from setting static metrics, ospfd on R1 always selects FW1 as nexthop.
root@FW1:~ # ifconfig vlan21 | grep inet
inet 172.30.9.34 netmask 0xfffffff0 broadcast 172.30.9.47
root@FW1:~ # ifconfig carp20 | grep carp:
carp: BACKUP carpdev vlan20 vhid 1 advbase 1 advskew 10
root@FW1:~ # ifconfig carp21 | grep carp:
carp: BACKUP carpdev vlan21 vhid 1 advbase 1 advskew 10
root@FW2:~ # ifconfig vlan21 | grep inet
inet 172.30.9.35 netmask 0xfffffff0 broadcast 172.30.9.47
root@FW2:~ # ifconfig carp20 | grep carp:
carp: MASTER carpdev vlan20 vhid 1 advbase 1 advskew 100
root@FW2:~ # ifconfig carp21 | grep carp:
carp: MASTER carpdev vlan21 vhid 1 advbase 1 advskew 100
root@R1:~ # ospfctl sh
neighID Pri State DeadTime Address Iface
Uptime
172.30.9.4 1 FULL/OTHER 00:00:38 172.30.9.35 vlan21 00:21:33
172.30.9.3 1 FULL/BCKUP 00:00:38 172.30.9.34 vlan21 00:22:14
root@R1:~ # ospfctl sh fib | grep 172.30.9.16/2
*O 32 172.30.9.16/28 172.30.9.34
*O 32 172.30.9.16/28 172.30.9.35
root@R1:~ # ospfctl sh rib | grep 172.30.9.16/2
172.30.9.16/28 172.30.9.34 Intra-Area Network 20
00:30:33
172.30.9.16/28 172.30.9.35 Intra-Area Network 20
00:29:56
root@R1:~ # route -n get 172.30.9.21
route to: 172.30.9.21
destination: 172.30.9.16
mask: 255.255.255.240
gateway: 172.30.9.34
interface: vlan21
if address: 172.30.9.37
priority: 32 (ospf)
flags: <UP,GATEWAY,DONE,MPATH>
use mtu expire
11 0 0
As seen above R1 selects 172.30.9.34 as the nexthop based on ospf which is
wrong. It should be 172.30.9.35 as FW2 is carp master for carp20/21. What I
in the end want to achieve is that the router with carp20/21 MASTER should
be the preferred carp20 nexthop. An assumption can be made that carp20/21
will always have the same FW as master in my case.
