On Sun, Jun 18 2017 at 47:12, Marko Cupać wrote: > On Sun, 18 Jun 2017 09:52:13 +0000 (UTC) > Stuart Henderson <[email protected]> wrote: > > > On 2017-06-18, Marko Cupać <[email protected]> wrote: > > > Hi, > > > > > > I have setup similar to: > > > > > > R1 > > > bnx0--bnx1 > > > | | R3 > > > LAN1---carp0 carp1----------em0--em2---LAN2 > > > | | > > > bnx0--bnx1 > > > R2 > > > > > > How can I run OSPF between R3 and carped R1 and R2? I tried with gre > > > tunnel from carp1 to em0 but it doesn't work well. > > > > > > Thank you in advance, > > > > Try this: > > > > Run ospf on bnx1 on R1/2. You will need separate IP addresses on bnx1 > > for each of R1/R2, you can't just use a single address on the carp1 > > interface. (iirc you want it like carp1 10.0.0.1/32, r1-bnx1 > > 10.0.0.2/24, r2-bnx1 10.0.0.3/24, but it may be /24 on all of them). > > > > For carp0/bnx0 interfaces, run ospf passive on carp0, and the subnet's > > prefix (/24 or whatever) needs to be on carp0. > > > > Hi, > > thank you for looking into it. I forgot to mention crucial fact - > there's no direct link between carp1 and em0 - those interfaces have > public IP addresses and communicate over Internet. > > I guess I could create two gre tunnels - from em0 to each bnx1, and run > ospf over them. Passive ospf interface carp0 would then make sure to > announce LAN1 over active carp member. I could then protect gre traffic > with transport mode ipsec. > > If someone has experience with similar setup please chime in.
I built this kind of setup in the past, still running after all those years. So the configuration you want to build is robust. If you plan to have multiple R3 routers and don't interract with other ospf routers outside your responsabilities, I advise you to move to bgp. It's not way harder to learn and it is more powerful regarding route filtering. Claer
