Jason Dixon wrote:
On Aug 1, 2006, at 5:23 PM, Tim Pushor wrote:
Stuart Henderson wrote:

The vlan idea makes a fair bit of sense - carp(4) over vlan(4)
over trunk(4) over $some_nic(4) or some other mix - but if this
is used for security be aware that your switch then becomes a
security device. Google will find more information, including
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

Thinking about it more, isn't it carp over trunk over vlan over nic?
I'm gonna give it a shot here in the next day or so.

No. The OpenBSD trunk device is for link aggregation and failover,
both properties of the physical layer. The OpenBSD vlan device
provides access to VLAN segments (802.1Q), properties of the data-link
and network layers.

Again, make sure you're not confusing vendor terminologies here. An
OpenBSD trunk is what many vendors refer to as teaming or bonding
(some do refer to it as trunking). However, many(?) vendors refer to
a trunk as a port carrying multiple tagged VLANs.

Hi again Jason,

Then I must have it wrong. I'll try to clarify:

I have two boxes, with 3 interfaces total each. One interface goes to
the other box for pfsync. That leaves 2 interfaces each. One interface
will go to Ethernet switch 1, and one will go to Ethernet switch 2. Each
interface will be split into 2 vlans, an internal and an external. Now I
can team these vlans together for redundancy.

Perhaps I am thinking about this wrong... Are you suggesting that I
create a team of physical nics (using trunk(4)), then run vlans over that?

Yes, I realize that trunk is used to refer to more than one thing. I
have always thought of it though as teaming, but calling it trunk(4) as
that's how it is documented in OpenBSD.

And a huge thank you to all helping.

Thanks,
Tim