On 19/07/11 20:03, Joerg Streckfuss wrote:
Hi list,

I have the following test setup with four firewall nodes connected to three
networks:


                   network A
    |--------------------------------------|
       |        |     CARP     |        |
       |        |              |        |
    +--+--+  +--+--+        +--+--+  +--+--+
    | fw1 |  | fw2 |        | fw3 |  | fw4 |
    +--+--+  +--+--+        +--+--+  +--+--+
       |        |              |        |
       |  CARP  |              |  CARP  |
    |--------------|        |--------------|
        network B               network C


As you can see all four nodes are connected to network A but only fw1 and fw2
are connected to network B. On the other side only fw3 and fw4 are connected to
network C.

For network A all nodes form a CARP cluster. The order of priority for which
node is in master mode is: fw1 -> fw2 -> fw3 -> fw4.
For network B fw1 and fw2 form a CARP cluster and the order of priority is fw1 ->
fw2. And last but not least for network C fw3 and fw4 form a CARP cluster and
the order of priority is fw3 -> fw4. Preempting is active on all nodes.

The point which gives me a headache is that normally fw3 is master for network C
but backup for network A. Not very surprising.
I know this is a very uncommon setup but it works for me for many days now.
A failover to node fw3 respectively fw4 on network A performs as expected.
Are there any possible side effects I have overlooked?

Many thanks in advance,

Joerg

If fw1 is master for network A, how do you route traffic from A to C?

I would put fw1 & fw2 in CARP A1 and fw3 & fw4 in CARP A2 (different vhid, different virt IP)
or make all firewalls listen on all networks (A,B,C) with no asymmetry.

regards,

Giannis
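The asymmetry Giannis points at can be made visible with a small model of CARP master election. The following is an added illustration written for this thread, not code from either poster or from any CARP implementation: it assigns each node a per-network priority (lower wins, in the spirit of advskew, an assumption) mirroring the order Joerg gave, elects a master per network, and then checks for every (source, destination) pair whether the master on the source network even has an interface on the destination network. It also shows the degraded case where fw1 and fw2 are both down, so fw3 preempts on A while B is left without any master. The all-nodes-on-all-networks layout Giannis suggests is modelled alongside for comparison.

```python
"""Toy model of CARP master election and cross-network reachability.

Added example for the thread above; node names, networks and the numeric
priorities are assumptions chosen to mirror the described setup.
"""
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    # network -> priority (lower value wins, like CARP advskew).
    # Only networks the node actually has an interface on appear here.
    prio: dict
    up: bool = True


def elect_master(nodes, network):
    """Return the name of the CARP master for `network`, i.e. the live node
    with the best (lowest) priority among nodes attached to it, or None.
    With preemption enabled this is also the state after a node returns."""
    candidates = [n for n in nodes if n.up and network in n.prio]
    if not candidates:
        return None
    return min(candidates, key=lambda n: n.prio[network]).name


def masters(nodes, networks):
    """Map every network to its elected master (or None)."""
    return {net: elect_master(nodes, net) for net in networks}


def routing_gaps(nodes, networks):
    """List (src, dst, master) triples where the master on `src` has no
    interface on `dst`: traffic entering via src's virtual IP lands on a
    firewall that cannot forward it into dst."""
    by_name = {n.name: n for n in nodes}
    m = masters(nodes, networks)
    gaps = []
    for src in networks:
        for dst in networks:
            if src == dst or m[src] is None:
                continue
            if dst not in by_name[m[src]].prio:
                gaps.append((src, dst, m[src]))
    return gaps


def fail(nodes, *names):
    """Return a copy of `nodes` with the named nodes marked down."""
    return [Node(n.name, dict(n.prio), n.up and n.name not in names) for n in nodes]


def thread_topology():
    # Assumed priorities reproduce the order in the mail:
    # A: fw1 -> fw2 -> fw3 -> fw4, B: fw1 -> fw2, C: fw3 -> fw4.
    return [
        Node("fw1", {"A": 0, "B": 0}),
        Node("fw2", {"A": 10, "B": 10}),
        Node("fw3", {"A": 20, "C": 0}),
        Node("fw4", {"A": 30, "C": 10}),
    ]


def symmetric_topology():
    # Giannis' second suggestion: every firewall attached to A, B and C.
    return [
        Node("fw1", {"A": 0, "B": 0, "C": 0}),
        Node("fw2", {"A": 10, "B": 10, "C": 10}),
        Node("fw3", {"A": 20, "B": 20, "C": 20}),
        Node("fw4", {"A": 30, "B": 30, "C": 30}),
    ]


if __name__ == "__main__":
    nets = ["A", "B", "C"]
    print("thread topology masters :", masters(thread_topology(), nets))
    print("thread topology gaps    :", routing_gaps(thread_topology(), nets))
    print("symmetric topology gaps :", routing_gaps(symmetric_topology(), nets))
    degraded = fail(thread_topology(), "fw1", "fw2")
    print("fw1+fw2 down, masters   :", masters(degraded, nets))
```

Running it shows that with fw1 master on A the pair (A, C) is a gap, which is exactly the question in the reply, and that once fw1 and fw2 are both down fw3 preempts on A while network B reports no master at all; the symmetric layout has no gaps at any step.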
