stan a icrit :
On Fri, Oct 13, 2006 at 08:44:15AM +0200, Claudio Jeker wrote:
On Thu, Oct 12, 2006 at 10:40:57PM -0400, stan wrote:
Is it feasible to run ospf on a carp pair of firewalls?
Is there any documntation as to how to do this?
OSPF does not work on carp(4) interfaces. If you use "interface carp0"
ospfd will enforce it to be "passive".
A link state protocol can not run on a failover interface because the result
is not predictable.
Thanks.
Is there an alternative way to acomplish this?
What I'm trying to do is failry simple. I have a couple of networks
with OpenBSD CARP's redundant firewalls connecting to a corporate
admistered network. The corporate network runs OSPF. I don't want
to have to depend on static routes to these networks, as corporate
keeps loosing the static routes.
I'm also interrested in this problem since you (Claudio) told me two
days ago, in the thread "OSPFd, CARP and pfsync" :
"It is far better to just prefer the active router over the other. (This
is actually what OpenOSPFD does (it announces the network only on the
active router))"
Which i understood as only the active firewall (the one owning the
shared CARP IP) will announce routes thru OSPF over the CARP interface.
Regards =]
--
Ronnie Garcia <r.garcia at ovea dot com>
