From: Nikos Vassiliadis
To: "Alexandre Biancalana", questions@freebsd.org
Date: Wed, 30 Jul 2008 18:06:03 +0300
Subject: Re: carp+openospfd

On Wednesday 30 July 2008 16:56:23 Alexandre Biancalana wrote:
> On 7/30/08, Nikos Vassiliadis wrote:
> > On Wednesday 30 July 2008 07:51:52 Alexandre Biancalana wrote:
> > > Hi list, (I already ask this on -net, but I get no answers)
> > >
> > > I have two 100Mbit link (L2L, lan to lan) between the company and
> > > our datacenter, on each side I have two redundant (pf+carp)
> > > firewalls.
> > >
> > > I configured one vlan for each 100Mbit link and used carp to do
> > > the failover between machines on each side, the vlan interfaces are
> > > configured without ip address (with Max's
> > > carpdev patch), only carp interfaces have ips.
> > >
> > > I want to use OpenOSPFD to distribute our internal routes and do
> > > automatic failover+loadbalance of this two 100Mbit links.
> > >
> > > This work ? Someone have a similar setup ? Any hints ?
> >
> > I think using OSPF and CARP on the same interface could have
> > unexpected results.
>
> I see some examples

You get to have two ways to forward packet to a destination.
One via CARP and one via OSPF. I think it's a possible source
of errors.

> > I would use CARP on the "lan to lan" link to provide redundancy
> > and load balancing. Do you have to use OSPF?
> > That is, is there an OSPF domain in which you have to be part of?
>
> I use CARP for firewall redundancy on each side. I want to use OSPF to
> easy distribute routes on my networks, the failover and load balance
> of the links are a desirable plus.

So, there is an OSPF domain besides the four FreeBSD firewalls, right?
Could you provide your network's topology? Is it something like:

    LAN1----CLUSTER1====CLUSTER2----LAN2

where:

    CLUSTER1 = CARP(FW1, FW2)
    CLUSTER2 = CARP(FW3, FW4)

???

For example, in the above diagram you cannot load balance the
traffic, it will always go through the same routers:

    FW1 and FW3 or
    FW1 and FW4 or
    FW2 and FW3 or
    FW2 and FW4.

It will of course failover in case of a FW failure.

> I would use CARP on the "lan to lan" link to provide redundancy
> and load balancing.

So, my suggestion above is false, at least with the current
CARP on FreeBSD.

Please supply more info about your setup,

Nikos