Hi,

I have a planned network topology that will run on OpenBSD that (at the moment) will consist of three boxes:

1 x Router (OpenBSD running bgpd for connection to the outside world)
2 x Firewalls (running OpenBSD)

I can't quite figure out the best way to deal with the "external" side of the firewalls? (Obviously the "internal" side would be CARP.)

At the moment, since the devices are located in the same rack, I am thinking of running a patch cable directly from each firewall to two ports on the Router (i.e. F1a -> R1a and F2a to R1b). The reason for this is to avoid going via a switch and adding a point of failure (yes, I know, I only have one "router"... but hopefully that will change in the not too distant future!)

The problem is I can't quite figure out the OpenBSD software configuration for that concept and how it inter-relates with CARP running on the "internal" side of the firewalls?

Should I be running OSPF? iBGP? Or something else (switchd? vether?)

I'm terribly confused!

Bob