On Mon, Jul 25, 2005 at 10:54:00AM +0100, Stephen Marley wrote:
On Sun, Jul 24, 2005 at 10:37:29PM -0700, Jonathan Walther wrote:
I've read the carp manpage, but am not clear if carp is able to help
in the following scenario:

A box at a high availability colo site forwards some traffic to a
company LAN using a VPN.  There are two VPN connections it could
route packets through, one going through the LAN's Cable connection,
the other through its DSL connection.  Both VPNs connect to the same
end host on the other side of the two connections.

If the DSL connection goes down, I want all connections and traffic
to be shunted to the Cable connection.  I control both ends of the
VPN, which are OpenBSD Soekris boxes.

Is this possible out of the box and supported by OpenBSD, or is it
the wrong approach to trying to keep packets getting into the LAN
when one of the external connections fails?

You could run ospfd (or quagga) on each host. (You'll need to use gif
or gre tunnels to give a multicast capable link over the vpns). Make
the dsl tunnel the lower cost route and ospf will change the routing
tables to use the other link if it goes down. When it comes back up,
ospfd will switch the routing table back to the lower cost route. I use
precisely this method to provide a backup to a 100Mb WAN link using
ipsec/adsl.

Thank you Stephen!  This is exactly what I was looking for.  One
question; does this solution drop any connections during the change of
the routing table?  For my application, that isn't a problem, but it is
nice if it doesn't.

Jonathan

--
It's not true unless it makes you laugh, but you don't understand it until it makes you weep.

Eukleia: Jonathan Walther
Address: 5690 Pioneer Ave, Burnaby, BC  V5H2X6 (Canada)
Contact: 604-430-4973
Website: http://reactor-core.org/
Puritan: Purity of faith, Purity of doctrine
Puritan: Sola Scriptura, Tota Scriptura

     Love is a sharp sword.  Hold it by the right end.
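
The failover arrangement suggested in the quoted reply, sketched as an ospfd.conf for the colo-side box. This is an added example, not configuration posted by anyone in the thread; the interface names gif0 and gif1, the router-id, and the metric values are assumptions chosen for illustration.

```conf
# /etc/ospfd.conf on the colo box (constructed example).
# Assumes two gif(4) tunnels already exist, one carried inside each VPN:
#   gif0 = tunnel over the DSL VPN   (assumed name)
#   gif1 = tunnel over the Cable VPN (assumed name)
# The router-id is a documentation-range placeholder.

router-id 192.0.2.1

area 0.0.0.0 {
	# Preferred path: lower cost, so OSPF installs routes via gif0
	# while adjacency over the DSL tunnel is up.
	interface gif0 {
		metric 10
		# OSPF defaults, written out: a dead link is noticed only
		# after router-dead-interval seconds without hellos.
		hello-interval 10
		router-dead-interval 40
	}

	# Backup path: higher cost, used only when the gif0 adjacency
	# is lost; routes move back to gif0 once it re-forms.
	interface gif1 {
		metric 100
		hello-interval 10
		router-dead-interval 40
	}
}
```

The box on the LAN side needs the mirror-image file with its own router-id, and the packet filter on both ends has to allow OSPF (IP protocol 89) on the tunnel interfaces.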
