VRRP and OSPF issue

ktty-kws · October 28, 2017, 4:44am

[font=Arial]Hello,[/font]

[font=Arial][size=small]I am now validating VRRP and OSPF with two routers.[/size]
[/font]

[font=Arial]When I set both VRRP and OSPF to VyOS in same segment, master vyos send ospf packet from VIP.[/font]

[font=Arial]How do I disable ospf on VIP ?[/font]

[font=Arial]vyos@vyos-2:~$ sh ip ospf ne[/font]

Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL

192.168.40.2 1 Full/DROther 35.229s 10.200.200.1 tun1:10.200.200.2 0 0 0
[color=#ff3333]10.129.3.109 1 Init/DROther 32.6[/color][color=#ff3333]48s 172.30.1.1 eth1:172.30.1.3 0 0 0 [/color]<— I want to delete this line.
[font=Arial]10.129.3.109 1 Full/Backup 30.657s 172.30.1.2 eth1:172.30.1.3 0 0 0 [/font]
[font=Arial]Regards,[/font]

JB_VCC · January 4, 2018, 7:26pm

Hello,

I looked for a solution to that problem for some time before having to separate the networks, we now have OSPF and VRRP on different VIFs to prevent the OSPF broadcasts from using the vrrp virtual address.

ktty-kws · January 19, 2018, 6:13am

Thank you for your reply.

That is a nice way.
But in this situation, backup vyos cannot have the segment directly.

I think when I want to configure VRRP on one segment by vyos, I have no choice but to use ACL.

ArneO · January 23, 2018, 2:27pm

Do you use NAT and/or stateful firewall you need to have both directions of traffic through the same router. Depending on your design you may want to have the master be part of OSPF and not the backup to get the NAT and firewalling working.