Single IP failover without carpdev
Alexandre Biancalana
biancalana at gmail.com
Fri Jul 20 19:55:00 UTC 2007
On 7/20/07, David DeSimone <fox at verio.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> That is OpenBSD's documentation you are referring to, but this is
> FreeBSD we are talking about. The implementation is not the same.
>
> In order for CARP to be effective, it must send out hello packets on a
> particular interface. Under OpenBSD, I believe there is a "carpdev"
> option for ifconfig, which allows you to set the interface explicitly.
> However, FreeBSD's implementation (at least in 6.x where I'm familiar
> with it) is missing that option. Instead, the interface is chosen by
> matching the IP address of the carp interface to the same subnet as the
> physical interface.
>
> In a case where your ISP has only assigned a single IP address to you,
> you cannot (legally) assign a pair of addresses to your firewalls and
> then assign a third IP to CARP in order to have it bind correctly to
> the external interface. Under OpenBSD, you could assign private RFC1918
> addresses to the external interfaces, and use "carpdev" to assign a
> virtual public IP, but it seems that is not possible with FreeBSD.
>
> If I am wrong, I hope that someone will correct my understanding.
Exactly this! Want I want to know is if exists some alternative way to
configure this....
More information about the freebsd-pf
mailing list