On Sun, Jul 24, 2005 at 10:37:29PM -0700, Jonathan Walther wrote:
I've read the carp manpage, but am not clear if carp is able to help in the following scenario:
A box at a high availability colo site forwards some traffic to a company LAN using a VPN. There are two VPN connections it could route packets through, one going through the LAN's Cable connection, the other through its DSL connection. Both VPNs connect to the same end host on the other side of the two connections.
If the DSL connection goes down, I want all connections and traffic to be shunted to the Cable connection. I control both ends of the VPN, which are OpenBSD Soekris boxes.
Is this possible out of the box and supported by OpenBSD, or is it the wrong approach to trying to keep packets getting into the LAN when one of the external connections fails?
You could run ospfd (or quagga) on each host. (You'll need to use gif or gre tunnels to give a multicast capable link over the vpns). Make the dsl tunnel the lower cost route and ospf will change the routing tables to use the other link if it goes down. When it comes back up, ospfd will switch the routing table back to the lower cost route. I use precisely this method to provide a backup to a 100Mb WAN link using ipsec/adsl.
Thank you Stephen! This is exactly what I was looking for. One question; does this solution drop any connections during the change of the routing table? For my application, that isn't a problem, but it is nice if it doesn't.
Jonathan
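A sketch of the ospfd.conf that the suggested setup implies, added here as an illustration and not taken from any message in the thread. It uses OpenBSD ospfd.conf(5) syntax; the interface names (gif0 for the tunnel over DSL, gif1 for the tunnel over cable), the router-id, the metrics and the timer values are all assumptions.

```conf
# /etc/ospfd.conf on one end of the VPN (the other end mirrors it with
# its own router-id). Constructed example values throughout.

# Assumed identifier for this router; must be unique per host.
router-id 10.255.0.1

area 0.0.0.0 {
	# Tunnel carried over the DSL VPN: the lower-cost, preferred path,
	# as described in the reply above.
	interface gif0 {
		metric 10
		# Shorter timers than the defaults (10s/40s) so a dead
		# link is noticed sooner. Assumed values.
		hello-interval 5
		router-dead-time 20
	}

	# Tunnel carried over the cable VPN: higher cost, so it only
	# carries traffic while the gif0 adjacency is down.
	interface gif1 {
		metric 100
		hello-interval 5
		router-dead-time 20
	}
}
```

With both adjacencies up, ospfd installs the route through gif0; when hellos stop arriving on gif0 for router-dead-time seconds, the route through gif1 replaces it, and the gif0 route is restored once that adjacency re-forms.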