On 2007/04/28 04:17, Clint Pachl wrote:
> I was working on a network design and was wondering if CARP can provide
> fail-over for a group of layer 2 firewalls?
>
> I was thinking one could just associate an interface using carpdev
> without specifying the IP address or netmask. Would that work?
>
> <firewall 1>
> # ifconfig bridge0 create
> # ifconfig fxp0 up
> # ifconfig fxp1 up
> # brconfig bridge0 add fxp0 add fxp1 up
> # ifconfig carp0 create
> # ifconfig carp0 vhid 1 carpdev fxp0
> # ifconfig carp1 create
> # ifconfig carp1 vhid 2 carpdev fxp1
>
> Am I on the right path, or will this just not work?

no, but you can use stp bridge + pfsync. 4.1 has rstp, which is considerably faster at failing-over.