Marco Fretz wrote:
Hi,

I'm not 100% clear if I got you right, but if I'm right you have to do the
"redistribute default" on your 2 external firewalls, because the OpenBSD box
needs the default route (to the internet), not the other way round...

ExtFw has a (static?) route to the ISP. OpenBSDFw gets the default route
dynamically via OSPF from ExtFw1 or from ExtFw2. That's it.

Are ExtFw1, ExtFw2 and OpenBSDFw on the same subnet?

Generally you have to run OSPF on all 3 boxes. On ExtFw1 set the metric lower
than on ExtFw2 so OpenBSDFw will use the default route from ExtFw1 as long as
ExtFw1 is available and OSPF adj are established.

OSPF redistribution means that the local router will announce prefix
0.0.0.0/0 pointing to the address of the interface where the LSA is sent
out...

Is that what you're looking for?

greets
Marco



ExtFw1 and ExtFw2 are on different subnets:

 - ExtFw1: 172.16.34.0/30

 - ExtFw2: 172.16.55.0/30

 OpenBSD connects to both subnets using two different interfaces.

And yes, both external firewalls have a static default route.

What I am trying to do is to load balance outgoing connections like ifstated + multipath + route-to round-robin in pf.conf does. But reading more carefully about using OSPF, I think that OSPF only provides active/passive default routes. Am I correct?



On Thu, May 7, 2009 at 3:40 PM, carlopmart <carlopm...@gmail.com> wrote:

Stuart Henderson wrote:

On 2009-05-07, carlopmart <carlopm...@gmail.com> wrote:

Hi all,

 I am trying to establish default routes on an OpenBSD firewall using
ospfd instead of using multipath + route-to param in pf.conf, without luck.

 My topology is:

Internet ------- ExtFw1 ----------------|
                                        |
                                    OpenBSDFw ----- Internal Network
                                        |
Internet ------- ExtFw2 ----------------|


 ExtFw1 and ExtFw2 are commercial products with different versions. I
have put a rule to pass all traffic generated by OpenBSD on both external
firewalls.


ExtFw1 and ExtFw2 are running OSPF and announcing a default route
into it, right??


At this time yes. ExtFw are commercial firewalls based on Linux and I use
Quagga to configure OSPF on each one. But, any route is attached to OpenBSD
via OSPF ...


--
CL Martinez
carlopmart {at} gmail {d0t} com
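
The active/passive setup suggested at the top of the thread, written out as an added configuration sketch that is not taken from any poster's messages. Host addresses inside the two /30 subnets, the interface names em0/em1, and the metric values 10 and 20 are assumptions chosen for illustration.

```conf
! --- ExtFw1: Quagga ospfd.conf (preferred exit, lower metric) ---
! Assumed address on the link to OpenBSDFw: 172.16.34.1
router ospf
 ospf router-id 172.16.34.1
 network 172.16.34.0/30 area 0.0.0.0
 ! Without "always", 0.0.0.0/0 is announced only while the static
 ! default route is present in this firewall's routing table.
 default-information originate metric 10 metric-type 2

! --- ExtFw2: Quagga ospfd.conf (backup exit, higher metric) ---
! Assumed address on the link to OpenBSDFw: 172.16.55.1
router ospf
 ospf router-id 172.16.55.1
 network 172.16.55.0/30 area 0.0.0.0
 default-information originate metric 20 metric-type 2

# --- OpenBSDFw: /etc/ospfd.conf ---
# Assumed: em0 = 172.16.34.2/30 (to ExtFw1), em1 = 172.16.55.2/30 (to ExtFw2)
# OpenBSDFw only learns the default route; it does not redistribute one.
router-id 172.16.34.2
area 0.0.0.0 {
	interface em0
	interface em1
}
```

On OpenBSDFw, `ospfctl show neighbor` should list both firewalls in FULL state, and `route -n show -inet` should show the default route via the ExtFw1 address until that adjacency is lost.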