Hiya, WRT redundant upstream links, I think it'll be much easier to use a BGP solution. You could even setup load balancing at the same time with the help of BGP. If both your uplinks are to the same ISP you can probably get away with using Cisco's interface backup configuations so long as both uplinks terminate on the same access server on both sides. If not, you might be able to do some sorcerey using tunnel interfaces.
Redundant FreeBSD firewalls isn't too difficult. Automating it, I'd imagine is. I've never tried anything like you're describing, but, not knowing of any 3rd party software to handle this, you could probably write some fancy crontabbed scripts to automatically "bring up" the backup firewall when it detects that the primary is down. Hope this helps. Would be interested to know what solution you use. Regards, Aragon ----- Original Message ----- From: "Bogdan TARU" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, May 02, 2002 6:18 PM Subject: network design > > Hi there, > > I have an unusual question, and hope I'll find the answer on this list. I > would like to build a redundant structure of firewalls (2 of them), and I > really don't have any idea on how to do that. What I would like is a > scheme like: > _________ ____________ > provider's link ----------| hub |__________| | > |_______|\_ _____| FreeBSD fw1|---- switch1 > \_/ |____________| > ________ _/ \_ _____________ > provider's backup link ---| hub2 |/ \___| | > |_______|__________| FreeBSD fw2|---- switch2 > |____________| > > > But the real question is: how do I assign the same IP address to two > interfaces connected to the same hub(s) or switch(es)? I guess this will > provide the best redundancy. Any such software? If not, could you describe > an alternative for it, or point me to some resources? > > Thank you, > bogdan > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
