Carp Suppression

Greg Hennessy Greg.Hennessy at nviz.net
Mon Jun 13 16:51:38 GMT 2005 

 
> The reason we are using CARP on a PLIP interface is to allow 
> us to have redundant connections between 2 transparent 
> bridging firewalls. 

CARP is not going to work with a layer 2 firewall. 

> Instead of sending packets over our network, we isolate them 
> onto a PLIP interface and crossover interface.

That not going to work on a point to point connection, the other party
cannot see the carp traffic. 
never mind the overhead that running plip puts on a system, a length of
baling twine would make for a better physical transport.  

>  We then use 
> ifstaded to monitor the carp interfaces and shut down 
> bridging on one of the machines.

Spanning tree is a no brainer for such a setup, pfsync takes care of the
rest. 

http://www.seattlecentral.edu/~dmartin/docs/bridge.html



Greg


> 
> I will refrain from submitting any code to the community in 
> the future.
> 
> On 6/13/05, Yar Tikhiy <yar at comp.chem.msu.su> wrote:
> > On Mon, Jun 13, 2005 at 10:10:54AM -0400, Josh Kayse wrote:
> > > One last comment,
> > >
> > > I managed to fix it so that carp runs on the plip 
> interface by adding:
> > > ifp->if_flags = LINK_STATE_UP;
> > >
> > > Here is the diff:
> > >
> > > diff -Nur /usr.orig/src/sys/dev/ppbus/if_plip.c 
> /usr/src/sys/dev/ppbus/if_plip.c
> > > --- /usr.orig/src/sys/dev/ppbus/if_plip.c       Wed Sep 
> 15 11:14:18 2004
> > > +++ /usr/src/sys/dev/ppbus/if_plip.c    Mon Jun 13 10:05:56 2005
> > > @@ -359,6 +359,7 @@
> > >
> > >             ppb_wctr(ppbus, IRQENABLE);
> > >             ifp->if_flags |= IFF_RUNNING;
> > > +           ifp->if_flags = LINK_STATE_UP;
> > >         }
> > >         break;
> > 
> > I'm afraid you're totally wrong here.
> > 
> > First, I can't see how CARP is supposed to work on a PLIP 
> interface or 
> > any point-to-point interface at all.  CARP is for broadcast 
> > interfaces, such as Ethernet or FDDI, which do ARP.  You 
> seem to miss 
> > the point.
> > 
> > Second, you can't store an arbitrary value into a variable or field 
> > and expect the things to work right.  LINK_STATE_UP simply 
> is not for
> > ifp->if_flags.  Please make yourself familiar with the basics of
> > computer programming before offering your patches to the community.
> > 
> > --
> > Yar
> > 
> 
> 
> --
> Joshua Kayse
> Computer Engineering
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> 
>

More information about the freebsd-pf mailing list