Re: carp+openospfd

2008-08-04 Thread Alexandre Biancalana
On 8/1/08, Nikos Vassiliadis <[EMAIL PROTECTED]> wrote:
> On Friday 01 August 2008 06:54:02 Alexandre Biancalana wrote:
>  > The firewall failover is working great with CARP. My
>  > difficulty is configuring OpenOSPFD to distribute routes in this
>  > setup,
>
>
> Two points:
>  1) Did you try to run OSPF on the CARP interface?
>  Or the physical one? I don't think running OSPF
>  on the CARP interface will work, cause the CARP
>  interface receives nothing while at BACKUP mode.

OpenOSPFD always sees CARP interfaces as passive...


>
> No, OSPF cannot provide load balancing, as FreeBSD does not support
>  equal cost multipath routing, that is you can use one and only one
>  next hop for a destination. So, in short, OSPF will not do load
>  balancing, as it does with other vendors you may be familiar with.

Bad news... I remember now that multiple FIBs are too new on FreeBSD...

Thinking again, I can survive with equal cost multipath routing and do
the failover via script...

How good is our ECMP? Has anyone tested this?
>
>  If you run CARP on the LAN links as well (which you probably do),
>  you should test and see how CARP's ARP level load balancing fits
>  your network...

It's working as expected

Thank you again!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: carp+openospfd

2008-08-01 Thread Nikos Vassiliadis
On Friday 01 August 2008 06:54:02 Alexandre Biancalana wrote:
> The firewall failover is working great with CARP. My
> difficulty is configuring OpenOSPFD to distribute routes in this
> setup,

Two points:
1) Did you try to run OSPF on the CARP interface?
Or the physical one? I don't think running OSPF
on the CARP interface will work, cause the CARP
interface receives nothing while at BACKUP mode.

2) Specify the router-id yourself to avoid OpenOSPFD's
autoselection, remember that the CARP interface has
the same IP address on both hosts and that's not
very nice to OSPF:)

> the links failover+loadbalance comes naturally after ospf 
> running.

No, OSPF cannot provide load balancing, as FreeBSD does not support
equal cost multipath routing, that is you can use one and only one
next hop for a destination. So, in short, OSPF will not do load
balancing, as it does with other vendors you may be familiar with.

If you run CARP on the LAN links as well (which you probably do),
you should test and see how CARP's ARP level load balancing fits
your network...

Hope this helps a bit, Nikos
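An added example, not from either poster: an ospfd.conf pair illustrating the two points in the reply above (OSPF adjacencies on a per-host interface rather than the CARP one, and an explicit router-id on each firewall). The interface name vlan206, the 192.0.2.x router-ids, and the assumption that the vlan interface carries its own per-host address are illustrative and are not the original poster's configuration.

```conf
# --- /usr/local/etc/ospfd.conf on FW1 (constructed example) ---
# Explicit router-id: unique per host, never the shared CARP address,
# so both firewalls cannot end up auto-selecting the same ID.
router-id 192.0.2.1

area 0.0.0.0 {
	# Per-host interface (hypothetical name): hellos are sent and
	# received here regardless of whether CARP is MASTER or BACKUP.
	interface vlan206 {
	}
	# Shared CARP address: announced as a stub network only,
	# no OSPF packets are sent or received on it.
	interface carp206 {
		passive
	}
}

# --- /usr/local/etc/ospfd.conf on FW2 (constructed example) ---
# Same layout, different router-id.
router-id 192.0.2.2

area 0.0.0.0 {
	interface vlan206 {
	}
	interface carp206 {
		passive
	}
}
```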


Re: carp+openospfd

2008-07-31 Thread Alexandre Biancalana
On 7/30/08, Nikos Vassiliadis <[EMAIL PROTECTED]> wrote:
> On Wednesday 30 July 2008 16:56:23 Alexandre Biancalana wrote:
>  > On 7/30/08, Nikos Vassiliadis <[EMAIL PROTECTED]> wrote:
>  > > On Wednesday 30 July 2008 07:51:52 Alexandre Biancalana wrote:
>  > >  > Hi list,  (I already asked this on -net, but I got no answers)
>  > >  >
>  > >  >  I have two 100Mbit links (L2L, lan to lan) between the company and
>  > >  > our datacenter, on each side I have two redundant (pf+carp)
>  > >  > firewalls.
>  > >  >
>  > >  >  I configured one vlan for each 100Mbit link and used carp to do
>  > >  > the failover between machines on each side, the vlan interfaces are
>  > >  > configured without ip address (with Max's
>  > >  > carpdev patch), only carp interfaces have ips.
>  > >  >
>  > >  >  I want to use OpenOSPFD to distribute our internal routes and do
>  > >  > automatic failover+loadbalance of these two 100Mbit links.
>  > >  >
>  > >  >  Does this work? Does anyone have a similar setup? Any hints?
>  > >
>  > > I think using OSPF and CARP on the same interface could have
>  > >  unexpected results.
>  >
>  > I see some examples
>
>
> You get to have two ways to forward a packet to a destination.
>  One via CARP and one via OSPF. I think it's a possible source
>  of errors.
>
>
>  >
>  > >  I would use CARP on the "lan to lan" link to provide redundancy
>  > >  and load balancing. Do you have to use OSPF?
>  > >  That is, is there an OSPF domain in which you have to be part of?
>  >
>  > I use CARP for firewall redundancy on each side. I want to use OSPF to
>  > easily distribute routes on my networks, the failover and load balance
>  > of the links are a desirable plus.
>
>
> So, there is an OSPF domain besides the four FreeBSD firewalls, right?

That is what I want to configure

>
>  Could you provide your network's topology?
>  Is it something like:
>  LAN1 --- CLUSTER1 --- CLUSTER2 --- LAN2
>  where:
> CLUSTER1 = CARP(FW1, FW2)
> CLUSTER2 = CARP(FW3, FW4)

        Local Network                     Datacenter Network

         FW1 (master)                        FW3 (master)
                        Link1 (100Mbit)
(10.0.0.49/30) carp206  <-->  carp20 (10.0.0.50/30)
(10.0.0.45/30) carp207  <-->  carp30 (10.0.0.46/30)
                        Link2 (100Mbit)
         FW2 (slave)                         FW4 (slave)


Yes, in my setup I want to do failover of the firewalls (if FW1 crashes,
FW2 assumes the two links, firewall rules, etc.) and loadbalance+failover
of two 100Mbit links (I want to use the two links together (100+100)
and if one of them fails, all the traffic is routed to the other).

The firewall failover is working great with CARP. My
difficulty is configuring OpenOSPFD to distribute routes in this
setup, the links failover+loadbalance comes naturally after ospf
running.

>  For example, in the above diagram you cannot load
>  balance the traffic, it will always go through the
>  same routers:
>   FW1 and FW3 or
>   FW1 and FW4 or
>   FW2 and FW3 or
>   FW2 and FW4.
>
>  It will of course failover in case of a FW failure.

Yes. Only one firewall is master on each side.


>
>
>  > I would use CARP on the "lan to lan" link to provide redundancy
>  > and load balancing.
>
>
> So, my suggestion above is false, at least with the current
>  CARP on FreeBSD.
>
>  Please supply more info about your setup,

I hope that you understand, if not I can draw something more detailed.

Thank you for your time.

Alexandre


Re: carp+openospfd

2008-07-30 Thread Nikos Vassiliadis
On Wednesday 30 July 2008 16:56:23 Alexandre Biancalana wrote:
> On 7/30/08, Nikos Vassiliadis <[EMAIL PROTECTED]> wrote:
> > On Wednesday 30 July 2008 07:51:52 Alexandre Biancalana wrote:
> >  > Hi list,  (I already asked this on -net, but I got no answers)
> >  >
> >  >  I have two 100Mbit links (L2L, lan to lan) between the company and
> >  > our datacenter, on each side I have two redundant (pf+carp)
> >  > firewalls.
> >  >
> >  >  I configured one vlan for each 100Mbit link and used carp to do
> >  > the failover between machines on each side, the vlan interfaces are
> >  > configured without ip address (with Max's
> >  > carpdev patch), only carp interfaces have ips.
> >  >
> >  >  I want to use OpenOSPFD to distribute our internal routes and do
> >  > automatic failover+loadbalance of these two 100Mbit links.
> >  >
> >  >  Does this work? Does anyone have a similar setup? Any hints?
> >
> > I think using OSPF and CARP on the same interface could have
> >  unexpected results.
>
> I see some examples

You get to have two ways to forward a packet to a destination.
One via CARP and one via OSPF. I think it's a possible source
of errors.

>
> >  I would use CARP on the "lan to lan" link to provide redundancy
> >  and load balancing. Do you have to use OSPF?
> >  That is, is there an OSPF domain in which you have to be part of?
>
> I use CARP for firewall redundancy on each side. I want to use OSPF to
> easily distribute routes on my networks, the failover and load balance
> of the links are a desirable plus.

So, there is an OSPF domain besides the four FreeBSD firewalls, right?

Could you provide your network's topology?
Is it something like:
LAN1 --- CLUSTER1 --- CLUSTER2 --- LAN2
where:
CLUSTER1 = CARP(FW1, FW2)
CLUSTER2 = CARP(FW3, FW4)
???

For example, in the above diagram you cannot load
balance the traffic, it will always go through the
same routers:
 FW1 and FW3 or
 FW1 and FW4 or
 FW2 and FW3 or
 FW2 and FW4.

It will of course failover in case of a FW failure.

> I would use CARP on the "lan to lan" link to provide redundancy
> and load balancing.

So, my suggestion above is false, at least with the current
CARP on FreeBSD.

Please supply more info about your setup,

Nikos


Re: carp+openospfd

2008-07-30 Thread Nikos Vassiliadis
On Wednesday 30 July 2008 07:51:52 Alexandre Biancalana wrote:
> Hi list,  (I already asked this on -net, but I got no answers)
>
>  I have two 100Mbit links (L2L, lan to lan) between the company and our
> datacenter, on each side I have two redundant (pf+carp) firewalls.
>
>  I configured one vlan for each 100Mbit link and used carp to do the
> failover between machines on each side, the vlan interfaces are
> configured without ip address (with Max's
> carpdev patch), only carp interfaces have ips.
>
>  I want to use OpenOSPFD to distribute our internal routes and do
> automatic failover+loadbalance of these two 100Mbit links.
>
>  Does this work? Does anyone have a similar setup? Any hints?

I think using OSPF and CARP on the same interface could have
unexpected results.

I would use CARP on the "lan to lan" link to provide redundancy
and load balancing. Do you have to use OSPF?
That is, is there an OSPF domain in which you have to be part of?

Nikos