Hello all, any hint ?
thanks in advance stephan 2013/5/17 WolfSec-Support <[email protected]>: > Hello, > > found nothing useable till now. > > setup in place / clear for me: > - 2 boxes in HA setup / CARP IP only in LAN > - all connections to both boxes via vlans in a failover LAGG on 2 nics per box > - 2 cheap internet links via 2 different providers (cable and pppoe) > - vlan 100 for cable modem (internet A via DHCP) > - vlan 200 for connection to DSL modem internet B > - both boxes see all vlans (LAN and Internet 2x + sync interface) > - all traffic goes trough box master > - box slave only if box master fails completely > > > wished functionality / setup: > - internet A for all other traffic (surfing / email / vpn) / traffic X > - internet B for a subnet (official IP's of voip provider) only / traffic Y > - so to have no dynamic balancing > > - slavebox will be only used if master box fails completely > - masterbox sends all traffic (X and Y) via internet A if internet B > fails / vice versa via Internet B if internet A fails > > known: > - internal CARP IP / external not, so: > - sure, internet is NOT stateful in this setup in a case of failover > - VPN will go down and up in case of failover - so also not stateful > > > version a) > - internet A on both boxes via DHCP (official IP's) > - internet B on master box via PPPoE ( 1 official IP) > - slave box is NOT using PPPoE connection, untill box master fails > - if box master comes back, box slave will disconnect PPPoE, after box > master is up AND running AND back the active CARP MASTER member > - so LAN "CARP BACKUP" can trigger PPPoE down > > version b) > same as a) > exception: if PPPoE failover is NOT possible, > - to put in front of PPPoE a cheap DSL-NAT-router > - same setup but internet B is now also via DHCP (different 192.168.x.y/24 > net) > - so both boxes have permanent access via internet A and B via DHCP > (sure, in different subnets) > > any hints are welcome > > thanks in advance > > stephan -- Stephan Wolf WolfSec Rairing 65 CH-8108 Dällikon +41 43 536 1191 +41 76 566 8222 http://www.wolfsec.ch _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
