4. Carp and OpenBGP

Carp and OpenBGP

  • J

    Good Afternoon,

    I'm trying to configure carp to demote when openbgp session fails

    Currently my config reads

    This file was created by the package manager.  Do not edit!

    AS 2***
    fib-update yes
    listen on *..**.126
    network ..    .194/26 (Different Network - Alias is on the interface)
    group "Primary" {
    remote-as ***
    neighbor *..***.125 {
        descr "Primary Circuit"
    set nexthop *..***.125
    announce self
    demote carp  
    }
    }
    deny from any
    deny to any
    allow from *..***.125
    allow to *..***.125

    So I'm getting the following carp error

    error initializing group "carp"

    Is this not supported and if not how is carp suppose to fail over on BGP session drop ?

    Our config is

    FW1 –--- BGP Router
                      /     |
    Internal Carp IP    External CarpIP
                      \     |
                       FW2 ----- BGP Router

    So on session failure we really need carp to fail over but openbgp seems to have problems initialising the CARP group

    when i run ifconfig -g carp is get

    ifconfig -g carp
    pfsync0
    vip1
    vip2

    I have tried manually increasing the counter with

    ifconfig -g carp carpdemote 128

    but nothing seems to happen am I missing something ? our carp interfaces sit on Lagg Failover bonded interfaces

    Thanks Again for you Help

    J

    0
  • J

    Well I've partly answered my own question,

    Carpdev does not seem to have been implemented yet on pfsense

    So how do you configure an ordered failover of based upon bgp sessions ?

    0
  • R

    @jnex26:

    Well I've partly answered my own question,

    Carpdev does not seem to have been implemented yet on pfsense

    So how do you configure an ordered failover of based upon bgp sessions ?

    which interface won't work? ;)

    [2.1-BETA1][root@gw1.zws8.local]/root(32): ifconfig -g carp
    pfsync0
    wan_vip211
    wan_vip212
    lan_vip213
    lan_vip214
    opt2_vip215
    wan_vip216
    wan_vip217

    looks good. I guess you haven't found this (I searched long time to find it):

    [2.1-BETA1][root@gw1.zws8.local]/root(33): sysctl -a | grep carp

    net.inet.ip.same_prefix_carp_only: 0
    net.inet.carp.allow: 1
    net.inet.carp.preempt: 1              <<=== this option must be set under Advanced =>  System Tunables
    net.inet.carp.log: 1
    net.inet.carp.arpbalance: 0
    net.inet.carp.suppress_preempt: 0
    net.link.ether.inet.carp_mac: 0

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy