carp+openospfd

Nikos Vassiliadis nvass at teledomenet.gr
Wed Jul 30 15:04:49 UTC 2008 

On Wednesday 30 July 2008 16:56:23 Alexandre Biancalana wrote:
> On 7/30/08, Nikos Vassiliadis <nvass at teledomenet.gr> wrote:
> > On Wednesday 30 July 2008 07:51:52 Alexandre Biancalana wrote:
> >  > Hi list,  (I already ask this on -net, but I get no answers)
> >  >
> >  >  I have two 100Mbit link (L2L, lan to lan) between the company and
> >  > our datacenter, on each side I have two redudant (pf+carp)
> >  > firewalls.
> >  >
> >  >  I configured one vlan for each 100Mbit link and used carp to do
> >  > the failover between machines on each side, the vlan interfaces are
> >  > configured without ip address (with Max's
> >  > carpdev patch), only carp interfaces have ips.
> >  >
> >  >  I want to use OpenOSPFD to distribute our internal routes and do
> >  > automatic failover+loadbalance of this two 100Mbit links.
> >  >
> >  >  This work ? Someone have a similar setup ? Any hints ?
> >
> > I think using OSPF and CARP on the same interface could have
> >  unexpected results.
>
> I see some examples

You get to have two ways to forward packet to a destination.
One via CARP and one via OSPF. I think it's a possible source
of errors.

>
> >  I would use CARP on the "lan to lan" link to provide redundancy
> >  and load balancing. Do you have to use OSPF?
> >  That is, is there an OSPF domain in which you have to be part of?
>
> I use CARP for firewall redundancy on each side. I want to use OSPF to
> easy distribute routes on my networks, the failover and load balance
> of the links are a desirable plus.

So, there is an OSPF domain besides the four FreeBSD firewalls, right?

Could you provide your network's topology?
Is it something like:
LAN1----CLUSTER1====CLUSTER2----LAN2
where:
	CLUSTER1 = CARP(FW1, FW2)
	CLUSTER2 = CARP(FW3, FW4)
???

For example, in the above diagram you cannot load
balance the traffic, it will always go through the
same routers:
 FW1 and FW3 or
 FW1 and FW4 or
 FW2 and FW3 or
 FW2 and FW4.

It will of course failover in case of a FW failure.

> I would use CARP on the "lan to lan" link to provide redundancy
> and load balancing.

So, my suggestion above is false, at least with the current
CARP on FreeBSD.

Please supply more info about your setup,

Nikos

More information about the freebsd-questions mailing list