Hello,
I have 2 OpenBSD machines configured as follows:
---------------------                  ---------------------
|                   |                  |                   |
|        FW1        |  <-- pfsync -->  |        FW2        |
|                   |                  |                   |
---------------------                  ---------------------
   |      |      |                        |      |      |
   |      |      |                        |      |      |
  em0    em1    em2                      em0    em1    em2
   |      |      |                        |      |      |
------------------------------------------------------------
|                          switch                          |
------------------------------------------------------------
em0, em1, em2 on FW1 and FW2 are in LACP Trunk mode
FW1 and FW2
-------------------
hostname.em(0-2)
up
hostname.trunk0
up trunkproto lacp trunkport em0 trunkport em1 trunkport em2
==========
Vlan
==========
vlan1 as "public" link
vlan2 as DMZ
vlan3 as private
NAT between vlan1 and vlan2 and between vlan1 and vlan3
FW1
------
hostname.vlan1
inet 192.168.0.21 255.255.255.0 192.168.0.255 vlan 1 vlandev trunk0
hostname.vlan2
inet 172.16.0.21 255.255.255.0 172.16.0.255 vlan 2 vlandev trunk0
hostname.vlan3
inet 10.0.0.21 255.255.255.0 10.0.0.255 vlan 3 vlandev trunk0
FW2
------
hostname.vlan1
inet 192.168.0.22 255.255.255.0 192.168.0.255 vlan 1 vlandev trunk0
hostname.vlan2
inet 172.16.0.22 255.255.255.0 172.16.0.255 vlan 2 vlandev trunk0
hostname.vlan3
inet 10.0.0.22 255.255.255.0 10.0.0.255 vlan 3 vlandev trunk0
=====
CARP
=====
FW1
------
hostname.carp1
inet 192.168.0.254 255.255.255.0 192.168.0.255 vhid 1 carpdev vlan1 pass foobar advskew 10
hostname.carp2
inet 172.16.0.254 255.255.255.0 172.16.0.255 vhid 2 carpdev vlan2 pass foobar advskew 10
hostname.carp3
inet 10.0.0.254 255.255.255.0 10.0.0.255 vhid 3 carpdev vlan3 pass foobar advskew 10
FW2
------
hostname.carp1
inet 192.168.0.254 255.255.255.0 192.168.0.255 vhid 1 carpdev vlan1 pass foobar advskew 100
hostname.carp2
inet 172.16.0.254 255.255.255.0 172.16.0.255 vhid 2 carpdev vlan2 pass foobar advskew 100
hostname.carp3
inet 10.0.0.254 255.255.255.0 10.0.0.255 vhid 3 carpdev vlan3 pass foobar advskew 100
All works fine.
Question: I need to add NAT 1:1 from vlan 1 to vlan 2.
What is the best way to configure new carp addresses?
FW1
-----
1) new /etc/hostname.carpXXX files
hostname.carp11
inet 192.168.0.203 255.255.255.0 192.168.0.255 vhid 11 carpdev vlan1 pass foobar advskew 10
hostname.carp12
inet 192.168.0.204 255.255.255.0 192.168.0.255 vhid 12 carpdev vlan1 pass foobar advskew 10
or
2) alias in /etc/hostname.carp1
hostname.carp1
inet 192.168.0.254 255.255.255.0 192.168.0.255 vhid 1 carpdev vlan1 pass foobar advskew 10
inet alias 192.168.0.203 255.255.255.0 192.168.0.255 vhid 11 carpdev vlan1 pass foobar advskew 10
inet alias 192.168.0.204 255.255.255.0 192.168.0.255 vhid 12 carpdev vlan1 pass foobar advskew 10
Both work, but I don't know which is the best.
Thanks.