Topic: BFD doesn't work with CARP address (Read 4106 times)
clarknova
Full Member
Posts: 101
Karma: 6
BFD doesn't work with CARP address
« on: December 09, 2021, 12:12:05 am »
OPNsense 21.7.5
FRR plugin
I have a CARP pair of firewalls at two locations. There is a layer-2 connection between the two sites with CARP interfaces configured at both ends. Additionally, each firewall has a PtP Wireguard connection to both firewalls at the other site. Thus, each firewall has three connections to the far site: CARP, wg0 and wg1.
Each firewall has an interface group configured with--you guessed it--the layer-2 interface, wg0 and wg1. On this interface group I have created a pass rule for:
Proto: UDP
Source: <group> net
Destination: "This firewall"
Destination port: 3784, 3785 and 4784 (BFD ports alias)
When I create a BFD peer for the Wireguard address at two ends of a tunnel, I see BFD "State Up" packets in both directions on the wg interface, as expected. But when I create a BFD peer for the CARP address on the master firewall at both ends of the layer-2 connection, I see BFD "State Down" packets from both directions on the layer-2 interface.
Why does BFD not work with a CARP address as peer? What is the recommended workaround? I could use the primary addresses as BFD peers, but I'm not sure what effect this would have on OSPF, which is configured to disable while the host is in CARP backup mode.
« Last Edit: December 09, 2021, 03:20:36 pm by clarknova »
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: BFD doesn't work with CARP address
« Reply #1 on: December 09, 2021, 08:05:47 am »
CARP and BFD is tricky; usually with OSPF and BFD you don't even need CARP.
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
clarknova
Full Member
Posts: 101
Karma: 6
Re: BFD doesn't work with CARP address
« Reply #2 on: December 09, 2021, 03:26:49 pm »
Thanks. That makes sense. I should probably get this working without CARP on the OSPF-active interfaces.