Hi,

On Fri, 20.03.2009 at 14:28:46 +0100, Joerg Streckfuss <streckf...@dfn-cert.de> wrote:
> How does CARP behave when on the master node two "unimportantly" interfaces
> fail and on the backup node only the uplink interface fails? Does CARP
> failover to the backup node and as consequence the whole network will be
> disconnected from the internet?
My reading of carp(4) is that the behaviour depends on the setting of net.inet.carp.preempt. If set to 1, then firewalls only fail over as a whole, while if set to 0, interfaces fail over individually.

With interfaces failing over individually, and with appropriate routing between your firewalls, traffic should flow through the remaining interfaces.

Please note that having interfaces fail over individually makes playing with pfsync and sasync *quite* interesting.

Please also note that you could have more than two firewalls running CARP, so maybe the third (fourth, ...) firewall will keep you online.

I guess that the real solution is to have a known-good hardware that you can bring up in minutes sitting on the shelf, and yes, to live with some downtime.

Kind regards,
--Toni++
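The following is an added configuration example, not taken from the thread above, showing what the two preempt settings Toni describes look like on a pair of OpenBSD firewalls with an uplink interface and an internal interface each. Interface names (em0, em1, em2), addresses, vhids and the CARP password are assumptions chosen for the example; only net.inet.carp.preempt, the hostname.if(5) keywords, pfsync and the pf rules are real OpenBSD configuration.

```conf
# /etc/sysctl.conf  (identical on both firewalls)
#
# preempt=1: a failed carpdev demotes every carp interface on this host,
#            so the whole firewall fails over together.
# preempt=0: each carp vhid elects its own master; an interface that loses
#            its carpdev fails over alone and the others stay where they are.
net.inet.carp.preempt=1

# /etc/hostname.carp0  -- uplink side, same vhid on both firewalls
# Firewall A (preferred master): advskew 0; firewall B: advskew 100.
# The pass must match on both hosts; "secretA" is a placeholder.
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass secretA advskew 0

# /etc/hostname.carp1  -- internal side, same vhid on both firewalls
# Firewall A: advskew 0; firewall B: advskew 100.
inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 2 carpdev em1 pass secretA advskew 0

# /etc/hostname.pfsync0  -- state sync over a dedicated crossover link (em2)
up syncdev em2

# /etc/pf.conf  -- the traffic CARP and pfsync themselves need
pass on { em0 em1 } proto carp
pass on em2 proto pfsync
```

With preempt=1 and the setting in Joerg's question (two non-uplink interfaces down on the master, only the uplink down on the backup), the master demotes itself as a whole and the backup, whose uplink is also gone, becomes master for every vhid; the site loses its default route. With preempt=0, vhid 1 and vhid 2 are elected separately, so the uplink stays on the original master and the internal side moves to the backup, which only helps if traffic can still be routed between the two boxes, as Toni points out. Either way, `ifconfig -g carp` shows the current demotion counter of the carp group and `ifconfig carp0` the MASTER/BACKUP state, which is the first thing to check when failover does not behave as expected.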