Can anyone give me a hint how to set up a pair of "CARPed" firewall machines to access an ISP via a direct Ethernet link (fiber)? He assigned us a customer network ( /29) and a transit network ( /30) to connect our (customer) network with his backbone without an extra router machine. All (active) addresses of the customer network should become aliases of the CARP interface (the firewall is using NAT and proxies).
This setup is running fine on some of our sites, but there we always have direct access to the backbone, without a transit network. I understand that these transit networks are usually used in access networks to insert a router machine between the customer network and the backbone, but in this case we'd like to avoid this extra SPOF. Any idea how to deal with this issue? Or should we try to discuss with the ISP to leave out this transit network? TIA, Tobias.

