Wednesday, June 09, 2021

Re: openbgpd "depend on"

On Wed, Jun 09, 2021 at 09:57:32AM +0200, openbsd@kene.nu wrote:
> Hello,
>
> Just a question and maybe a suggestion. I am implementing a few DCs that
> use vxlan symmetric routing and hence, layer2 redundancy protocols like
> CARP (and VRRP/HSRP) do not work as intended due to evpn layer2 being the
> technology of choice to announce ARP entries.
>
> This led me to try out the "depend on carp" functionality that is available
> on openbgpd. It does what I want, partially. It would be much more usable
> if you could define what this functionality does in case of a CARP backup
> state. Currently it puts the bgp neighbor into Idle state. However, it
> would be better if one could define that it should as-path prepend and/or
> add a metric (MED) instead. This way, carp failovers would not rely on the
> tedious and relatively time consuming process of setting up a BGP session
> and announcing prefixes before it can truly be carp master.
>
> WDYT?

The 'depend on' feature was added to use a CARP cluster as a BGP border
router (e.g. at an IXP that only gives one IP/port). In that case the
backup carp interface is not able to open a TCP session. The backup carp
interface is not reachable and the session would conflict with the master
session.

What you would like is to add 'depend on' on announcements (network
10.0.0.0/24 depend on carp0) or probably as a filter (match to group
uplinks depend on carp set med 100). At least this is how I understand
your request.

--
:wq Claudio
