Layer 2 Fail-over w/ CARP?
I was working on a network design and was wondering if CARP can provide fail-over for a group of layer 2 firewalls? I was thinking one could just associate an interface using carpdev without specifying the IP address or netmask. Would that work? firewall 1 # ifconfig bridge0 create # ifconfig fxp0 up # ifconfig fxp1 up # brconfig bridge0 add fxp0 add fxp1 up # ifconfig carp0 create # ifconfig carp0 vhid 1 carpdev fxp0 # ifconfig carp1 create # ifconfig carp1 vhid 2 carpdev fxp1 Am I on the right path, or will this just not work? -pachl
Re: Layer 2 Fail-over w/ CARP?
On 2007/04/28 04:17, Clint Pachl wrote: I was working on a network design and was wondering if CARP can provide fail-over for a group of layer 2 firewalls? I was thinking one could just associate an interface using carpdev without specifying the IP address or netmask. Would that work? firewall 1 # ifconfig bridge0 create # ifconfig fxp0 up # ifconfig fxp1 up # brconfig bridge0 add fxp0 add fxp1 up # ifconfig carp0 create # ifconfig carp0 vhid 1 carpdev fxp0 # ifconfig carp1 create # ifconfig carp1 vhid 2 carpdev fxp1 Am I on the right path, or will this just not work? no, but you can use stp bridge + pfsync. 4.1 has rstp, which is considerably faster at failing-over.
Re: Layer 2 Fail-over w/ CARP?
On 4/28/07, Clint Pachl [EMAIL PROTECTED] wrote: I was working on a network design and was wondering if CARP can provide fail-over for a group of layer 2 firewalls? At layer 2, shouldn't spanning tree handle redundant paths correctly? Besides, by all indications in carp(4) it is only a method for fault tolerance at the IP (layer 3) level. DS