[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: OpenBSD Router & Carp



I haven't written it yet, I was waiting a bit for a response. I looked
at ifstated, but it seems it won't be available until 3.6 at least, so
unless I am mistaken which is highly possible, the examples of redundant
firewalls will not work completely because carp won't switch both
interfaces over when only 1 fails.
Amir Mesry
[email protected]
Cadillac Jack, Inc.
http://www.cadillacjack.com/
Network & Systems Administrator
2420 Meadowbrook Parkway
Duluth, GA 30096
770-865-0034
-----Original Message-----
From: Axel Rau [mailto:[email protected]] 
Sent: Wednesday, May 05, 2004 3:47 AM
To: Amir S Mesry
Cc: [email protected]
Subject: Re: OpenBSD Router & Carp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Amir,
please share your script. Your question applies to all firewall boxes.
To catch any scenario of unresponsible boxes, your script has to test
real routing through your box from outside.
Axel
Am 04.05.2004 um 01:00 schrieb Amir S Mesry:
> I was wondering if anyone has tested the following scenario
> Say I have 2 machines omega0 and omega1.
> They have ip addresses 10.0.0.2 & 10.0.0.3 (10.0.0.0/24) on fxp0 and
> carp0 10.0.0.1, as well as 10.1.1.2 & 10.1.1.3 (10.1.1.0/24) on fxp1
> carp1 10.1.1.1 respectively
> As you can see they are on 2 different subnets and they route between
> them.
> My question is using carp has anyone tested the link/route redundancy 
> as
> follows?
> For Example, Omega0's fxp0 fails, but its fxp1 does not, is there any
> way to have carp see that fxp0 is down and switch both carp0 & carp1
to
> omega1's addresses?
> I am thinking I will have to write a script to get this done, but I
> thought I would ask before I wrote one.
>
Axel Rau, Frankfurt, Germany    Phone:49-69-951418-0,  Fax: -55
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFAmJwAbMW2mynpndYRApN9AKDTFrHWfwL156ftr6hMInIjOKohugCg5BGA
LbpQciAFCFcAyigdaQpmWow=
=p2Tx
-----END PGP SIGNATURE-----