* Russell Fulton <[EMAIL PROTECTED]> [2007-10-25 10:09]: > Henning Brauer wrote: > > so get a little transfer net and make your upstream adjust his routes > > > > otherwise you need a bridge indeed, but you really want to avoid that > > if you have a chance to go for regular routed with carp etc. > we also run redundant bridges -- we have two physical paths to our ISP > only one of which is ever in use. We have bridges on both these link > and use pfsync to share state. The network uses STP to fail the traffic > between the links. Works well for us.
I have never said it does not work. Heck, bridge & (r)stp on OpenBSD are probably better than on most OSes out there. BUT: I hate bridges. They make debugging really darn hard, and come with their own set of problems. (r)stp you cannot run in any remotely secure fashion without filters on the switches (to be honest, you need the same for carp, but there it isn't THAT a disaster because carp uses some crypto, (r)stp does not) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
