> On 2007/10/30 06:05, Aaron wrote:
>> ok, scratch that idea. Are there any csu/dsu units out there that can take
>> the incoming t1 signal and then output directly to an ethernet interface on
>> the obsd box
>
> I think you get some T1/E1<>ethernet bridge-like devices (needing the
> same box at both ends of the line), but you won't be able to use carp to
> two ISPs like that.
>
>>> You're describing something which is normally handled by speaking
>>> BGP with your provider(s).
>>>
>> They aren't able to do bgp, as far as I know, as they are getting their
>> connections from completely different isps,
>
> This is normal with BGP.
>
>> don't have an AS number
>
> People with a need to multihome can get one.
>
>> and I'm not sure if this matters or not but the second wan connection
>> is just 256k off of a t1 that provides phone service.
>
> BGP may not be flexible enough to balance the incoming packets
> between the lines in that case. e.g. in the case where the ISP with
> the slower connection is a downstream customer of an ISP sourcing
> a lot of traffic (localpref is more important than path length,
> so it can be difficult or impossible to influence this).
>
> But if the majority of traffic is outgoing, this may not be
> particularly important.
>
>> That's why I had to play the dns short ttl game. Thus far however
>> it has worked fairly well.
>
> That can work better for balancing load, but isn't so good for
> failover. Most web browsers impose a minimum TTL to avoid certain
> DNS hijacking tricks.
>

Now that I know I can't carp the actual san0 interfaces, the ultimate objective would be to just have some type of automatic failover for this interface. I could have a san0 interface on each machine and if one box dies, someone there could simply move the cable to the machine still running, but I'm trying to avoid this manual step.

Even if I had a router doing the conversion from t1 to ethernet, running into a switch, and then instead of san0 interfaces in the redundant firewalls I had some ethernet interface, for sake of discussion say, fxp4, would it be feasible to do carp on these interfaces into the switch?

I just don't want the firewall to be the source of a t1 failure. If the T itself goes down, no problems, the backup will take over. If the router dies, no problems, that's the router's fault, backup connection takes over, router's fault. But if I set it so that each machine has a wan interface and the box w/the T coming into it dies, then still the backup will take over, but at that point it becomes the fault of the firewall.

Thanks for the help and clarifications thus far.

Aaron

