On 10/9/2019 2:50 PM, Julian Elischer wrote:
On 10/9/19 2:34 AM, Julien Cigar wrote:
On Tue, Oct 08, 2019 at 01:05:37PM -0700, Julian Elischer wrote:
On 10/8/19 8:58 AM, Julien Cigar wrote:
On Tue, Oct 08, 2019 at 10:20:34AM -0500, Matthew Grooms wrote:
Hi Julien,
Hi Matthew,
It's not clear why you are trying to assign multiple carp IP addresses
to two different interfaces from within the same IP subnet. Are you
trying to fail over a 2nd carp address or are you trying to improve
throughput/redundancy? If you just want to fail over a 2nd carp address,
assign a 2nd alias to your first interface. If you're trying to improve
throughput/redundancy, assign both interfaces to a lagg and build your
carp interfaces on top of that instead.
Currently outbound traffic from $net1 and $net2 (two private networks)
passes through the same network interface (igb0) (as you can see in (1)
in my previous post) on the router. I'd like to prevent $net2 from
saturating the interface and slowing down traffic from $net1 (which is
more important). I could lagg and build CARP on top of that but it
wouldn't prevent $net2 from saturating the interface (unless I'm
plugging in ALTQ of course, which I'd like to avoid).
-Matthew
On 10/8/2019 8:48 AM, Julien Cigar wrote:
Hello,
I'd like to NAT outbound traffic from two different private networks
through two different interfaces, with CARP on top. I have 4 public IPs
available (193.x.x.89, 193.x.x.90, 193.x.x.91, 193.x.x.92).
I have two redundant routers/firewalls running FreeBSD 12 with CARP and
PF with the following: (1) which works well, but all traffic goes
through the same interface.
So I'd like to switch to something like (2), which will not work (lines
5 and 13 are not valid) and I'm wondering if I could use something like
(3) ..?
Thank you!
Julien
(1) https://gist.github.com/silenius/4f6173a9b6690292c2174ab3bb89d292
(2) https://gist.github.com/silenius/da9be7e74e9861fa55f927d194e3e410
(3) https://gist.github.com/silenius/b237565b0d181248ff80ea296e5537db
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscr...@freebsd.org"
can you draw it?
yes, see https://ibb.co/mv5RPM9
so, you have several ways of doing this:
one is to assign a different routing table to each class of traffic.
Each table has a different default route, sending data out to a
different external interface.
Each interface out is NAT'd so that the return packets will come back
the same way.
How do you classify the traffic based on the source address when using
multiple route tables?
But you only have a single pipe to the internet, so one wonders how
that helps with redundancy?
I asked a similar question. I believe he mentioned that he was trying
to get around the 1Gbit limit of each interface. WRT redundancy, he
probably means the use of a backup firewall, carp and probably pfsync.
-Matthew