Stuart Henderson wrote:
> On 2008-03-10, clifford bailey <[EMAIL PROTECTED]> wrote:
>> Having got a nice redundant firewall setup working with OpenBSD 4.2 pf +
>> carp + pfsync, my next step was to integrate it with OSPF. My initial
>> plan was to continue to treat the firewall pair as a single 'virtual
>> firewall' within the network and use OSPF to advertise routes through
>> just the carp interfaces. Looking at a couple of docs for OSPF though, I
>> was disappointed to find out I can't do this.
>
> Don't you mean something like this?
>
> router-id 1.2.3.4
> auth-type crypt
> auth-md 1 mekmitasdigoat
> auth-md-keyid 1
> hello-interval 1
> router-dead-time 4
> area 0.0.0.0 {
>         interface vlan701
>         interface carp72 { passive }
>         interface carp42 { passive }
>         interface carp209 { passive }
>         interface carp168 { passive }
> }

Is that possible to do? I tried something similar on my setup and as
soon as I removed the real interface from the area, nothing was
advertised at all. Admittedly I didn't have the interface set as passive
before, so that might have been my problem. I'll try that out now. My
initial assumption came from an OpenOSPFD doc (by Claudio Jeker, if it
helps) which said that it was "impossible to run ospf on a carp
interface", so I assumed this was the correct behaviour. Anyway, if you're
right, that's great news for me!

(Thanks for the quick response too!)
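
Added example, not part of the original thread and not OpenOSPFD code: a small Python check for the two conditions discussed above, a carp interface listed without `passive`, and an area left with only passive interfaces. It assumes a simplified subset of ospfd.conf syntax, that interface names starting with `carp` are CARP interfaces, and that a passive interface exchanges no OSPF packets, so an area with nothing but passive interfaces cannot form an adjacency; `parse_areas` and `lint` are hypothetical helper names.

```python
import re

# Constructed sample based on the interface names quoted in the thread,
# with carp72 deliberately left without "passive".
SAMPLE = """\
area 0.0.0.0 {
    interface vlan701
    interface carp72
    interface carp42 { passive }
}
"""

def parse_areas(text):
    """Return {area: {interface: is_passive}} for a small ospfd.conf subset."""
    toks = re.findall(r"[{}]|[^\s{}]+", re.sub(r"#.*", "", text))
    areas, stack, area, iface, i = {}, [], None, None, 0
    while i < len(toks):
        tok, nxt = toks[i], toks[i + 1:i + 3]
        if tok == "area" and not stack and nxt[1:] == ["{"]:
            area = nxt[0]
            areas[area] = {}
            stack.append("area")
            i += 2                      # skip the area id and its "{"
        elif tok == "interface" and stack == ["area"] and nxt:
            iface = nxt[0]
            areas[area][iface] = False
            i += 1                      # skip the interface name
            if nxt[1:] == ["{"]:        # interface has its own option block
                stack.append("iface")
                i += 1
        elif tok == "passive" and stack[-1:] == ["iface"]:
            areas[area][iface] = True
        elif tok == "{":
            stack.append("block")
        elif tok == "}" and stack:
            stack.pop()
        i += 1
    return areas

def lint(text):
    """Flag active carp interfaces and areas where every interface is passive."""
    findings = []
    for area, ifaces in parse_areas(text).items():
        for name, passive in ifaces.items():
            if name.startswith("carp") and not passive:
                findings.append(f"area {area}: {name} is carp but not passive")
        if ifaces and all(ifaces.values()):
            findings.append(f"area {area}: all interfaces passive, no adjacency")
    return findings
```

Calling `lint(SAMPLE)` reports carp72; a configuration that keeps only passive carp interfaces in the area is reported as unable to form an adjacency.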