* Adam Thompson <athom...@athompso.net> [2014-06-30 19:15]:
> traffic with IPSec. Other uses are possible, but questionable because
> they may break lower-level assumptions. (or so I believe, anyway. I'm
> sure Henning will correct me if not.) 

I don't think carppeer uses other than manually specifying the IP on the
carpdev of the other node are very well tested, so there might be
surprises, but I really don't see why other uses shouldn't work as long as
the nodes see each other.

> FWIW, I don't use carppeer even
> though it could save me substantial IP address space, for a couple of
> reasons:
> 1) I want the canary-in-the-coal-mine to inform me of any
> layer 2 weirdness
> 2) I prefer predictability and "normal" use cases
> 3) if I ever stop using CARP and switch to HSRP or VRRP, I'll need those
> addresses again

You are creating massive confusion here regarding carppeer and
unnumbered carpdevs - those really have nothing to do with each other.

That said, I do use unnumbered carpdevs in some cases and places.

If carp0 has 10.0.0/24, and carp0 is backup on nodeX, nodeX might not
be able to reach 10.0.0/24. No more, no less. Can hurt, esp when the
default gateway is in that net, but is perfectly fine in many cases.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
