I get a new block of 256 IPs. And my provider gives me two cables and
two gateways (a.b.c.1 and a.b.c.2) inside my block (a.b.c.0/24).
I want to install a redundant filter made from two soekris.
I did some tests on my desk, with a redundant bridge. But I got a storm
of packets (a loop of 8000 packets/s) from a single ping thru the
bridge.
I asked Ryan & Henning at EuroBSDCon'05, and they said 'I really want to
have a redundant router' (and not a bridge).
I do not understand how to set up a router with IPs from the same
block on each side.
[...]
The external interface should be assigned, say, a.b.c.3 resp. a.b.c.4.
Give them a netmask of 255.255.255.247. This will allow you 8 addresses
'on the outside' (for a slightly more efficient implementation, use
a.b.c.0 and a.b.c.3, then set your netmask to .251 - you'll not waste
any IP addresses that way, but a.b.c.0 might just be reserved, and
you'll need one more address for CARP anyway, if you want to do that).
Now, since more specific entries trump more generic, the Soekrises will
route a.b.c.0/28 to the outside routers and the rest of a.b.c.0/24 to
your internal network.
This takes care of redundancy 'from the inside'; if you wish to host
redundant services, you'll have to do some more work. Notably, you'll
have to find some way - BGP? OSPF? - to tell the ISP's routers that
Soekris #1 is out of commission, and to please route everything to
Soekris #2 (i.e., over a.b.c.2).
Either that, or repeat the CARP procedure. Which one is easiest/works
best is hard to say - CARP, for instance, needs broadcasts; on the other
hand, BGP is only for people with their own ASes... hard to tell without
more information. And outside of the scope of your question, anyway.
The two cables came from two routers of my provider.
The two IPs (a.b.c.1 and a.b.c.2) are in the same VLAN on the two
different routers.
Broadcast should work.
So on the outside, CARP should be the simple thing I have to do.
Thank you for the information.
Cordialement,
Jean-Girard Pailloncy
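
The longest-prefix rule the reply relies on ("more specific entries trump more generic"), as an added example that is not part of the original thread: 192.0.2.0/24 stands in for a.b.c.0/24, and the route labels and function names are hypothetical. It also lists which addresses of the block still route to the inside once the a.b.c.0/28 route exists, since those are the only ones internal hosts can use.

```python
import ipaddress

# Constructed sample: the documentation prefix 192.0.2.0/24 stands in
# for the a.b.c.0/24 block from the thread.
BLOCK = ipaddress.ip_network("192.0.2.0/24")
OUTSIDE = ipaddress.ip_network("192.0.2.0/28")

# Hypothetical routing table of one filter box: (prefix, interface label).
ROUTES = [
    (BLOCK, "inside"),     # the whole block lives behind the filter
    (OUTSIDE, "outside"),  # the more specific route covers the ISP gateways
]


def lookup(dst, routes=ROUTES):
    """Return the label of the longest prefix containing dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, label) for net, label in routes if addr in net]
    if not matches:
        return None  # no route at all (no default route in this table)
    # Longest prefix wins, whatever the order of the table.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def inside_assignable(block=BLOCK):
    """Host addresses of the block that still route to the inside."""
    return [a for a in block.hosts() if lookup(a) == "inside"]


if __name__ == "__main__":
    for dst in ("192.0.2.1", "192.0.2.2", "192.0.2.15", "192.0.2.16"):
        print(dst, "->", lookup(dst))
    usable = inside_assignable()
    print(len(usable), "inside addresses:", usable[0], "to", usable[-1])
```
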