Page MenuHomeDevCentral
Create Task
Maniphest T2302

CARP + GRE + OSPF conflict
Closed, ResolvedPublic
Actions

Description

We have two routers:

  • Router-002 = BACKUP
  • Router-003 = MASTER

--> They share the same IP address (VIP)

Normally :

Only the MASTER should speak ✔
The BACKUP should remain silent ❌

But with CARP + OSPF:

💥 BOTH speak at the same time

OSPF is a dynamic routing protocol that allows routers to exchange routing information and automatically determine the best path for network traffic. It works by regularly sending Hello packets between routers to maintain neighbor relationships and keep an up-to-date view of the network topology.

In a high-availability setup with two routers sharing the same VIP, OSPF can cause issues because both routers may send Hello packets and routing updates at the same time using that same IP address. As a result, neighbors receive messages that appear to come from a single router, while they are actually coming from two different ones. This creates confusion in the OSPF neighbor relationship, leading to constant resets, unstable routing tables, and unreliable network connectivity.

references :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=166462

Related Objects

Event Timeline

yousra created this task.Tue, Apr 7, 13:56
yousra updated the task description. (Show Details)Tue, Apr 7, 19:46
yousra updated the task description. (Show Details)Tue, Apr 7, 19:50
yousra updated the task description. (Show Details)Tue, Apr 7, 19:52
yousra updated the task description. (Show Details)Tue, Apr 7, 20:02
yousra updated the task description. (Show Details)
yousra triaged this task as Normal priority.Tue, Apr 7, 20:11
yousra updated the task description. (Show Details)
yousra updated the task description. (Show Details)
yousra moved this task from Backlog to Working on on the Secure HA tunnels board.
yousra moved this task from Working on to Backlog on the Secure HA tunnels board.Fri, Apr 10, 18:42
yousra updated the task description. (Show Details)Fri, Apr 24, 08:09
yousra added a comment.Fri, Apr 24, 08:20

Update:

This explanation is not fully correct. Indeed the VIP cannot be used to establish two GRE tunnels at the same time on Windriver or on Ysul.

With the current high-availability design, only one GRE tunnel using the VIP can be active at a time. Therefore, the tunnel must be managed depending on which router is ACTIVE.

When a router is no longer ACTIVE, its GRE tunnel is removed. The BACKUP router establishes the tunnel after becoming ACTIVE.

This behavior is automated thanks to the script implemented in T2319.

yousra closed this task as Resolved.Fri, Apr 24, 08:20
yousra moved this task from Backlog to Done on the Secure HA tunnels board.
yousra renamed this task from CARP + GRE + OSPF conflict in HA setup to CARP + GRE + OSPF conflict.Fri, Apr 24, 08:22
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator