Hi list,
in my company we are trying to implement an openbsd firewall-cluster.
The setup has the following specs:
- two boxes running openbsd 3.9
- hardware dell 1850 with two four port ethernet cards
so we have 10 ports on each machine (em and ste driver).
- to the outside network we are using a layer3 switch from
dell (powerconnect 6024)
the setup looks like this:
 ------
 |inet | ------------------------+
 ------                          |
                        -----------------
                        | layer3 switch |
                        -----------------
                           |         |
                           |         |
                        -------   -------
                        | FW1 |   | FW2 |
                        -------   -------
                           |         |
                           |         |
                        ------------
                        |  switch  |
                        ------------
 -------                         |
 | lan |-------------------------+
 -------
I configured a vlan with one ip on the layer3 switch so it can reach
the firewalls carped ip.
the problem now is, that the layer3 switch always sends an arp-whohas
for each packet it should route to the firewall. The switch stores the
mac of the firewall in its arp cache, so why are there so many arp
requests from the switch? I think this is a real bottleneck.
I tested this on another system running openbsd connected directly to
the layer3 switch. The first time, configured with one physical ip (no carp),
everything went fine. But with a configured carp interface the
layer3 switch recommences sending arp whohas packets once more.
Any conclusions?
By Joerg
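The symptom described in the post (a who-has for every forwarded packet, even though the switch holds the firewall's MAC in its cache) is easiest to pin down from a tcpdump of the firewall-facing segment. The following script is an added example, not code from the poster or from OpenBSD: it reads tcpdump-style ARP lines, counts requests and replies per target address, computes the request rate over the capture window and flags targets that are queried more often than a chosen threshold. It also notes whether the replies carry the 00:00:5e:00:01:xx address that CARP uses as its virtual MAC, which tells you whether the cache entry the switch keeps is the CARP MAC or a physical one. The capture lines, addresses, MACs and the 5 requests/second threshold are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of tcpdump ARP output (not captured from the poster's
# network). Timestamps are HH:MM:SS.microseconds; the "who-has X tell Y" and
# "reply X is-at MAC" forms are what OpenBSD's tcpdump prints for ARP.
SAMPLE_CAPTURE = """\
10:00:00.000100 arp who-has 192.0.2.1 tell 192.0.2.254
10:00:00.000400 arp reply 192.0.2.1 is-at 00:00:5e:00:01:01
10:00:00.100200 arp who-has 192.0.2.1 tell 192.0.2.254
10:00:00.200300 arp who-has 192.0.2.1 tell 192.0.2.254
10:00:00.300100 arp who-has 192.0.2.1 tell 192.0.2.254
10:00:00.400700 arp who-has 192.0.2.1 tell 192.0.2.254
10:00:00.450000 arp who-has 192.0.2.20 tell 192.0.2.254
10:00:00.450300 arp reply 192.0.2.20 is-at 00:11:22:33:44:55
10:00:00.500900 arp who-has 192.0.2.1 tell 192.0.2.254
"""

# CARP (like VRRP) answers for the shared address with a virtual MAC of the
# form 00:00:5e:00:01:<vhid>; the prefix lets us tell virtual from physical.
CARP_MAC_PREFIX = "00:00:5e:00:01:"

TS_RE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d+)")
REQ_RE = re.compile(r"who-has (\S+) tell (\S+)")
REP_RE = re.compile(r"reply (\S+) is-at (\S+)")


def _timestamp(line):
    """Convert the leading HH:MM:SS.frac of a tcpdump line to seconds."""
    m = TS_RE.match(line)
    if m is None:
        return None
    h, mi, s, frac = m.groups()
    return int(h) * 3600 + int(mi) * 60 + int(s) + int(frac) / 10 ** len(frac)


def analyze_arp(capture, threshold_per_sec=5.0):
    """Per target IP: request/reply counts, request rate and whether the
    rate exceeds threshold_per_sec. The rate is taken over the whole
    capture window (at least one second, so short captures do not
    produce inflated numbers)."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0,
                                 "askers": set(), "macs": set()})
    first = last = None
    for line in capture.splitlines():
        line = line.strip()
        ts = _timestamp(line)
        if ts is None:
            continue  # not a timestamped packet line
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
        m = REQ_RE.search(line)
        if m:
            target, asker = m.groups()
            stats[target]["requests"] += 1
            stats[target]["askers"].add(asker)
            continue
        m = REP_RE.search(line)
        if m:
            target, mac = m.groups()
            stats[target]["replies"] += 1
            stats[target]["macs"].add(mac.lower())

    window = max((last or 0.0) - (first or 0.0), 1.0)
    report = {}
    for target, s in stats.items():
        rate = s["requests"] / window
        report[target] = {
            "requests": s["requests"],
            "replies": s["replies"],
            "rate_per_sec": round(rate, 3),
            "excessive": rate > threshold_per_sec,
            "carp_mac": any(m.startswith(CARP_MAC_PREFIX) for m in s["macs"]),
            "askers": sorted(s["askers"]),
        }
    return report


if __name__ == "__main__":
    for target, r in sorted(analyze_arp(SAMPLE_CAPTURE).items()):
        flag = "EXCESSIVE" if r["excessive"] else "ok"
        kind = "carp" if r["carp_mac"] else "physical/unknown"
        print(f"{target}: {r['requests']} who-has, {r['replies']} replies, "
              f"{r['rate_per_sec']}/s [{flag}], answered with {kind} MAC, "
              f"asked by {', '.join(r['askers'])}")
```

To use it against a real capture, feed the output of a tcpdump filtered on ARP on the interface that faces the layer3 switch (for example `tcpdump -n -i em0 arp`, saved to a file) to `analyze_arp`. A target that is answered (replies &gt; 0) yet keeps being queried at a high rate points at the querying device discarding or never installing the entry, rather than at the firewall failing to answer; seeing the CARP virtual MAC in the replies confirms which address the switch is being told to cache.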