Re: Carp Suppression
- To: Gleb Smirnoff <glebius_(_at_)_freebsd_(_dot_)_org>, Yar Tikhiy <yar_(_at_)_comp_(_dot_)_chem_(_dot_)_msu_(_dot_)_su>, freebsd-net_(_at_)_freebsd_(_dot_)_org, freebsd-pf_(_at_)_freebsd_(_dot_)_org
- Subject: Re: Carp Suppression
- From: Josh Kayse <josh_(_dot_)_kayse_(_at_)_gmail_(_dot_)_com>
- Date: Wed, 15 Jun 2005 14:32:19 -0400
- Reply-to: gtg062h_(_at_)_mail_(_dot_)_gatech_(_dot_)_edu
On 6/15/05, Gleb Smirnoff <glebius_(_at_)_freebsd_(_dot_)_org> wrote:
> AFAIU, you use PLIP line as some flag that triggers suppression. If
> slave "sees" master via PLIP, it keeps itself in slave mode. Maybe
> I don't understand you right.
> Although the idea is not officially supported, it is interesting. Can you
> please draw your setup, since I don't understand it clearly?
em0 | |em1
------------| FW1 |-----------
xl0(carp0)| | plip0(carp1)
em0 | | em1
-----------| FW2 |----------
Bridging is done through em0/em1 which are both monitored by ifstated
for link state only (backported patch from HEAD).
When one of the bridging ports is disconnected, ifstated changes the
advskew of carp0 and carp1 to 254 so that the carp interfaces
When ifstated sees the carp interfaces as BOTH master, the slave
firewall takes over bridging.
This gives us redundant firewalls, with redundant heartbeat connections.
> Bringing link state support for p2p interfaces is a TODO, although
> CARP is not going to be supported on p2p interfaces officially.
> J> I will refrain from submitting any code to the community in the future.
I was just grumpy, we had just expanded server room and everything
broke, etc etc. Don't mind me at all.
If you have any other questions, just let me know.
PS. I stink at ascii drawings.