On 01/01/2006 03:09:03 PM, Marco Pfatschbacher wrote:
On Sun, Jan 01, 2006 at 12:28:42AM +0000, Karl O. Pinc wrote:
[...]
> Suppose I have 2 firewalls, one failing over to the
> other with carp. (net.inet.carp.preempt=1 on
> both firewalls.)  Each has 3 interfaces, internet,
> lan, and dmz.  The dmz has, say, a webserver.
> Now to connect the 2 firewalls to the webserver
> an additional switch/hub is required in the physical
> topology.
>
[...]
> If the dmz interfaces go down, then does this
> not shut off all the carp interfaces on both
> firewalls as a group, turning off the parts
> of both firewalls that are still functioning?
[...]
[...]
In your scenario, both firewalls would change their advskew to 240.
But a takeover only happens if one has a lower advskew, not if they
are equal. Therefore you should be just fine.

So then what happens next when, say, the internet interface
goes down on just the master firewall?   Even though the backup has
two working interfaces and the master only one, the advskew
everywhere is already at 240 and the backup will not
become the master.  Right?  (Seems like when
net.inet.carp.preempt=1 the advskew should keep going
up as more interfaces go down.)

Karl <[EMAIL PROTECTED]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
