Am 21.05.2010 um 12:55 schrieb Axel Rau:
Am 20.05.2010 um 22:07 schrieb Reyk Floeter:
I will try the following with unmanaged switches, no RST:
On fbsd:
fbsd# ifconfig em0 up
fbsd# ifconfig em1 up
fbsd# ifconfig lagg0 create
fbsd# ifconfig lagg0 laggproto failover laggport em0 laggport em1
Am 21.05.2010 um 01:53 schrieb Tomoyuki Sakurai:
You need additional two OSPF routers for L3 redundancy (claudio@
explained why in a paper).
Thanks for the hint, Tomoyuki.
I have now ospfd running on both firewalls, which was one necessary
stop towards success.
Axel
---
axel@chaos1.de PGP
Am 20.05.2010 um 22:07 schrieb Reyk Floeter:
I will try the following with unmanaged switches, no RST:
+---+ +--+
|fw1|+-+ | |
+em1++ sw1 +---+ |
carp0|em2+--+ +-+-+-+em0| |
| | | | |
On Fri, May 21, 2010 at 12:22:10AM +0200, Reyk Floeter wrote:
> > Linux's bonding module has an arp monitor which solves some of these
> > problems, but the implementation is so hackish (as usual there...) that
> > I'd rather not use it in production. arping and ifstated might do the
> > same on op
On Fri, May 21, 2010 at 12:22:10AM +0200, r...@openbsd.org wrote:
> > Linux's bonding module has an arp monitor which solves some of these
> > problems, but the implementation is so hackish (as usual there...) that
> > I'd rather not use it in production. arping and ifstated might do the
> > same o
On Tue, May 18, 2010 at 10:32 PM, Axel Rau wrote:
> Yes, but what carps/trunks do I need?
I'm doing carp(4)+pfsync(4)+bridge(4)+vether(4)+trunk(4)+ospfd(8) for
L3/L2 redundancy.
Part of my config can be found at:
http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=6318
You need ad
On Thu, May 20, 2010 at 11:31:22PM +0300, Jussi Peltola wrote:
> I do this too. In addition to the previously mentioned problems with
> cheap switches losing their configs (and vlans) you should make sure the
> active interfaces are all on one switch so that the link between them
> isn't uselessly
Thanks for this detailed elaboration, Reyk.
A few questions:
Am 20.05.2010 um 22:07 schrieb Reyk Floeter:
On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
Now the question: Can I put a trunk on top of a carp?
you put carp on top of the trunk of course.
OK.
Can I have a trunk connec
I do this too. In addition to the previously mentioned problems with
cheap switches losing their configs (and vlans) you should make sure the
active interfaces are all on one switch so that the link between them
isn't uselessly used; this will also avoid an unpleasant split brain
event if that link
On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
> >>Now the question: Can I put a trunk on top of a carp?
> >
> >you put carp on top of the trunk of course.
> OK.
> Can I have a trunk connected to 2 different switches then?
>
yes, i did this many times using trunk in failover mode. thi
Am 20.05.2010 um 20:17 schrieb Henning Brauer:
However, if you need to ask if you can run a trunk on top of a carp,
This was an academic question to keep the thread running (-;
do
yourself a favor and use a single switch. There will be less
downtime.
that is something i could subscribe to :
On Thu, May 20, 2010 at 08:17:48PM +0200, Henning Brauer wrote:
> * Jussi Peltola [2010-05-20 20:07]:
>
> > If you want reliability, do not use cheap switches. Switch power
> > supplies are not the failure mode you want to avoid. I don't remember
> > seeing very many at all, however I've seen lot
On Thu, May 20, 2010 at 08:17:48PM +0200, Henning Brauer wrote:
> > I have two identical "core" switches in one (not really so critical at
> > all) place running OSPF, with a bunch of routers connecting to both
> > switches for redundancy. Works pretty well and there has even been a
> > config rese
* Henning Brauer [2010-05-20 20:23]:
> * Jussi Peltola [2010-05-20 20:07]:
> > On Thu, May 20, 2010 at 07:28:55PM +0200, Henning Brauer wrote:
> > > * Graham Allan [2010-05-20 19:23]:
> > > > On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
> > > > > Am 20.05.2010 um 00:04 schrieb Henni
* Jussi Peltola [2010-05-20 20:07]:
> On Thu, May 20, 2010 at 07:28:55PM +0200, Henning Brauer wrote:
> > * Graham Allan [2010-05-20 19:23]:
> > > On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
> > > > Am 20.05.2010 um 00:04 schrieb Henning Brauer:
> > > >
> > > > >* Axel Rau [2010-0
On Thu, May 20, 2010 at 07:28:55PM +0200, Henning Brauer wrote:
> * Graham Allan [2010-05-20 19:23]:
> > On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
> > > Am 20.05.2010 um 00:04 schrieb Henning Brauer:
> > >
> > > >* Axel Rau [2010-05-19 10:34]:
> > > >>Now the question: Can I put
* Graham Allan [2010-05-20 19:23]:
> On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
> > Am 20.05.2010 um 00:04 schrieb Henning Brauer:
> >
> > >* Axel Rau [2010-05-19 10:34]:
> > >>Now the question: Can I put a trunk on top of a carp?
> > >
> > >you put carp on top of the trunk of cou
On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote:
> Am 20.05.2010 um 00:04 schrieb Henning Brauer:
>
> >* Axel Rau [2010-05-19 10:34]:
> >>Now the question: Can I put a trunk on top of a carp?
> >
> >you put carp on top of the trunk of course.
> OK.
> Can I have a trunk connected to 2 dif
Am 20.05.2010 um 00:04 schrieb Henning Brauer:
* Axel Rau [2010-05-19 10:34]:
Now the question: Can I put a trunk on top of a carp?
you put carp on top of the trunk of course.
OK.
Can I have a trunk connected to 2 different switches then?
Axel
---
axel@chaos1.de PGP-Key:29E99DD6 +49
* Axel Rau [2010-05-19 10:34]:
> Now the question: Can I put a trunk on top of a carp?
you put carp on top of the trunk of course.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Roo
Am 19.05.2010 um 07:59 schrieb Guido Tschakert:
What problem are you trying to resolve?
I will clarify:
+---+ +--+
| |+-+ | |
+fw1++ sw1 +---+ |
carp0| +--+ +-+-+-+em0| |
| | |
Axel Rau schrieb:
> Am 18.05.2010 um 14:11 schrieb Guido Tschakert:
>
>> I would say your Server is __the__ single point of failure (sure the
>> switch is also a spof but normally I'm more worried about servers then
>> switches)
> Yes, but it has 2 power supplies and redundant disks. If the mini p
Am 18.05.2010 um 14:11 schrieb Guido Tschakert:
> I would say your Server is __the__ single point of failure (sure the
> switch is also a spof but normally I'm more worried about servers then
> switches)
Yes, but it has 2 power supplies and redundant disks. If the mini pwr supply
of the single swi
Axel Rau schrieb:
> Hi all,
>
> I have a pair of redundant firewalls (obsd 4.6) and a server (fbsd 8.0):
>
>+---+ +--+
>| | | |
>+fw1+--+ +-+ |
> carp0| |carp1 | | em0| |
>|
Am 18.05.2010 um 14:20 schrieb Leonardo Carneiro - Veltrac:
> IMHO, the second scenario you draw solves the problem in a very elegant way.
Beside, STP and RSTP-enabled switches are becoming less expansive in the last
years.
Yes, but what carps/trunks do I need?
Axel
---
axel@chaos1.de PGP-Ke
Axel Rau wrote:
Hi all,
I have a pair of redundant firewalls (obsd 4.6) and a server (fbsd 8.0):
+---+ +--+
| | | |
+fw1+--+ +-+ |
carp0| |carp1 | | em0| |
| | | |
Hi all,
I have a pair of redundant firewalls (obsd 4.6) and a server (fbsd 8.0):
+---+ +--+
| | | |
+fw1+--+ +-+ |
carp0| |carp1 | | em0| |
| | | | | |
27 matches
Mail list logo
