RIP with CARP - unpredictable results
-
Hi,
I've got an L3 switch in our lab with IPs routed to it - then I'm using 2x pfSense firewalls to protect some VLANs. So it is convenient to use RIP to announce routes from the pfSense firewalls to the L3 switches.
CARP is running between the two pfSense firewalls, and RIP is enabled on both.
It all works - however, RIP can be somewhat unpredictable - as it doesn't seem to send the announcements from the virtual IP. So you end up with a situation with both primary and backup announcing routes - and either can end up being used. Which causes problems with the stateful firewall.
Is there a particular way to use CARP with RIP?
-
It wouldn't work from our GUI, but it might be possible to edit /etc/gateways and get things going that way. I'm not too familiar with RIP at that level but the man page for routed(8) suggests you should be able to specify alternate gateway IPs there.
-
In the end I just dropped the use of RIP. It was more problematic than just defining static routes on the L3 switches themselves.
All it needs is for RIP to advertise via the CARP VIP - until that point, it will remain a non-option - as both firewalls are advertising the routes on their management addresses.
-
I have the same plans…
I would like to have RIP enabled automatically on the CARP master only. I would like to enable RIP by starting the daemon in rc.carpmaster and stopping the daemon in rc.carpbackup...
How can I enable/disable and configure RIP by CLI / script?
-
/sbin/routed seems to be the RIP daemon and the file /etc/gateways seems to keep the options per IF…
Can I start/kill RIP by using rc.carpmaster/rc.carpbackup?
Would it work similarly to this example:
http://community.spiceworks.com/how_to/show/25042-auto-start-stop-quaqqa-with-carp-in-pfsense
I've done the following manual tests:
scp the /etc/gateways from master to the slave, kill the routed PID on the Master, kill the master node, start /sbin/routed on the slave (new master) then checked the routing table on the new master...
Works!
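Added example, not part of the thread and not pfSense's own code: a sketch of the start-on-master / stop-on-backup logic the last posts describe, so that only the CARP master advertises routes. The function names, the `DRY_RUN` switch, the use of pgrep/pkill and the refusal to start without a non-empty /etc/gateways are assumptions of this example; /sbin/routed and /etc/gateways are the paths named above.

```shell
#!/bin/sh
# Hypothetical helper for the CARP master/backup hooks discussed above.
ROUTED_BIN="${ROUTED_BIN:-/sbin/routed}"   # RIP daemon path named in the thread
GATEWAYS="${GATEWAYS:-/etc/gateways}"      # options file named in the thread
DRY_RUN="${DRY_RUN:-0}"                    # 1 = report the action, change nothing

# True when a routed process exists (assumes pgrep(1) is available).
rip_running() {
    pgrep -x "$(basename "$ROUTED_BIN")" >/dev/null 2>&1
}

# Decide what a CARP transition requires; prints start, stop or none.
# $1 = MASTER|BACKUP, $2 = yes|no (is routed running now?)
rip_plan() {
    case "$1:$2" in
        MASTER:no)            echo start ;;
        BACKUP:yes)           echo stop ;;
        MASTER:yes|BACKUP:no) echo none ;;   # already in the right state
        *) echo "unknown CARP state: $1" >&2; return 2 ;;
    esac
}

# Apply the plan for the given CARP state. $1 = MASTER|BACKUP
rip_apply() {
    if rip_running; then running=yes; else running=no; fi
    action=$(rip_plan "$1" "$running") || return 2
    # The manual test copied /etc/gateways to the second node first;
    # assumption here: never start advertising without that file.
    if [ "$action" = start ] && [ ! -s "$GATEWAYS" ]; then
        echo "refusing to start: $GATEWAYS missing or empty" >&2
        return 1
    fi
    echo "$action"
    if [ "$DRY_RUN" = 1 ]; then return 0; fi
    case "$action" in
        start) "$ROUTED_BIN" ;;                        # routed backgrounds itself
        stop)  pkill -x "$(basename "$ROUTED_BIN")" ;;
    esac
}

# Run as a script: pass MASTER or BACKUP as the first argument.
if [ $# -gt 0 ]; then rip_apply "$1"; fi
```

The master hook would run this with `MASTER` and the backup hook with `BACKUP`; how each hook invokes it depends on the installation.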