PS: Is there any support like BFD (Bidirectional Forwarding Detection) in OpenBSD to improve the link failure detection time for OSPF and/or BGP, seeing as the routers and OpenBSD boxes are connected via Layer 2 switch links (three types of up-links to the Cisco cores are being used: VPLS, MPLS, and back-haul)?

Thanks :)
Andy

On Tue 01 Oct 2013 09:19:20 BST, Andy wrote:
Hello,

I have started deploying OSPF in our test environment before deploying
it out to the production network.

We have two Cisco ASR 1002 IOS XE routers in the middle of our Area 0
which have the Transit connections to the rest of the world etc.

And we have OpenBSD firewalls (CARP pairs etc) located at each of our
main sites (3 sites in total). Each site is connected up to the two
core Cisco routers via layer 2 links via 3 interfaces on each Cisco
router.

All interfaces on the Cisco routers are area 0, and the OpenBSD
firewalls' external interfaces which connect up to the Ciscos are also
area 0 to act as ABRs. Behind each OpenBSD pair at each of the 3
sites will be a different OSPF area.

I am struggling to work out how I should best configure ospfd.conf
with regard to CARP. I have come across discussion on the Internet
with people saying that if traffic is received on the back OpenBSD box
and it has no connection to the LAN, it should send the traffic to the
other firewall via the PFSYNC crossover link. But I cannot find any
examples of how to actually achieve this.

Also, is there no way to have the CARP IP be the IP which is advertised
as the neighbor, ensuring that traffic is always sent to the CARP IP
instead? (I would MUCH prefer this!)

Finally, I have read the man pages but I cannot see how to best use the
'demote' attribute to increase the carp demotion counter.

I have read 'Routing with OpenBSD using OpenOSPFD and OpenBGPD', but
this only shows an example where the internal LAN connection is a CARP.

I have no choice but to run these as both firewalls and routers and I
must have CARP for redundancy etc.

Any advice or good URLs would be greatly appreciated.
Thanks, Andy.
