On Tue, 2015-05-19 at 10:10 +0100, Stuart Henderson wrote: > On 2015/05/19 09:03, Johan Ymerson wrote: > > On Fri, 2015-05-15 at 17:59 +0200, Johan Ymerson wrote: > > > I have found a peculiar behaviour in ospfd when the physical link of the > > > parent carp interface is down. The carp interface net is then announced > > > with it's regular metric. > > > > > > An example: > > > The cable of em2, parent of carp2 (192.168.254.0/23), is unplugged. Here > > > is what is announced, seen by another machine running bird: > > > > > > router 192.168.200.4 > > > distance 10 > > > network 192.168.200.0/24 metric 10 > > > stubnet 192.168.202.0/24 metric 65535 > > > stubnet 192.168.254.0/23 metric 10 > > > stubnet 195.58.98.144/28 metric 65535 > > > stubnet 92.33.0.200/30 metric 65535 > > > stubnet 192.168.253.0/24 metric 10 > > > > > > 192.168.254.0/23 is announced with metric 10. All other interfaces in > > > the same carp group are announced with metric 65535 because the > > > link-down state of em2 has demoted the carp group, as it should. > > > > After reading my initial post I realize I wasn't clear about the result > > of this. > > If you have a redundant router set up with carp on one side and ospf on > > the other, and plug out a network cable on the carp side on the master, > > one will loose network connectivity to that network. > > > > In our case we lost Internet access until we realized what was wrong and > > shut down the master. > > I'm not keen on (relatively complex) special-casing in ospfd for this, > I think this is the pertinent question: > > > > Also, is the carp kernel code really correct when it leaves the > > > interface link state as "unknown" when in carp init state? >
I don't think we under each other. ospfd already has special-casing for CARP-interfaces. It is this special case that introduce this bug. A normal interface is not announced when link is down. For carp interfaces however, there is an exception for link down so that ospfd announces the interface but with a metric of 65535. This is to allow faster fail over when carp master changes. However, the first exception: !LINK_STATE_IS_UP(iface->linkstate) which allow the interface to be announced, triggers on both physical link down and on carp backup mode, while the second exception: iface->linkstate == LINK_STATE_DOWN which sets the metric to 65535, triggers only on carp backup mode. The result is that we announce routes to a network we have no connection to, and that is a very bad thing. /Johan