The external interface should be assigned, say, a.b.c.3 resp.
a.b.c.4.
Give them a netmask of 255.255.255.247. This will allow you 8
addresses
'on the outside' (for a slightly more efficient implementation, use
a.b.c.0 and a.b.c.3, then set your netmask to .251 - you'll not waste
any IP addresses that way, but a.b.c.0 might just be reserved, and
you'll need one more address for CARP anyway, if you want to do
that).
Now, since more specific entries trump more generic, the Soekrises
will
route a.b.c.0/28 to the outside routers and the rest of a.b.c.0/24 to
your internal network.
This takes care of redundancy 'from the inside'; if you wish to host
redundant services, you'll have to do some more work. Notably, you'll
have to find some way - BGP? OSPF? - to tell the ISP's routers that
Soekris #1 is out of commission, and to please route everything to
Soekris #2 (i.e., over a.b.c.2).
Either that, or repeat the CARP procedure. Which one is easiest/works
best is hard to say - CARP, for instance, needs broadcasts; on the
other
hand, BGP is only for people with their own ASes... hard to tell
without
more information. And outside of the scope of your question, anyway.
The two cables came from two routers of my provider.
The two ips (a.b.c.1 and a.b.c.2) are in the same vlan on the two
different routers.
Broadcast should work.
So on outside, a CARP should be the simple thing I have to do.
Thank you for the information.
I do not understand how the packets coming from the gateway a.b.c.1-2
are able to reach the routers a.b.c.3-4 on the CARP address a.b.c.5.
Cordialement,
Jean-Girard Pailloncy
