Redundant network router setup?
Michael K. Smith - Adhost
mksmith at adhost.com
Tue Aug 14 09:10:38 PDT 2007
Hello All:
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org [mailto:owner-freebsd-
> questions at freebsd.org] On Behalf Of Chuck Swiger
> Sent: Monday, August 13, 2007 5:20 PM
> To: Modulok
> Cc: freebsd-questions at freebsd.org
> Subject: Re: Redundant network router setup?
>
> On Aug 13, 2007, at 4:59 PM, Modulok wrote:
> > QUESTION: Is there a way to set up a redundant router, such that I can
> > offload traffic from the primary router to another machine, without
> > breaking TCP sessions?
>
> There are several ways of setting up such redundancy; the common case
> which Cisco calls VRRP, you can use under FreeBSD as CARP. However,
> this approach is limited to pure routing; it does not handle
> replicating the NAT state tables:
>
> > BACKGROUND: I have a FreeBSD machine acting as a gateway, running
> > natd(8) through ipfw(8).
>
> ...which you mention you are using. I don't know of any way to
> provide redundancy for existing connections going via natd.
>
> --
> -Chuck
This may require a bit of a modification, but we use two boxes running PF with CARP interfaces and PFSync to maintain state tables in the event of a failure. We use them in a failover setup but you can also set them up to load balance. In either case, PFSync takes care of the state tables quite well.
Regards,
Mike
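A sketch of the PF + CARP + pfsync failover pair described in the reply above, added here as an illustration and not taken from the poster's own configuration. Interface names, addresses, vhid numbers and the passphrase placeholders are assumptions, and the rc.conf lines use the FreeBSD 10+ CARP syntax.

```conf
# ---- /boot/loader.conf (both routers) ----
carp_load="YES"

# ---- /etc/sysctl.conf (both routers) ----
# Fail all CARP addresses over together if one interface goes down.
net.inet.carp.preempt=1

# ---- /etc/rc.conf on the primary (assumed: em0 = outside, em1 = inside, em2 = sync) ----
gateway_enable="YES"
pf_enable="YES"
pfsync_enable="YES"
pfsync_syncdev="em2"             # dedicated link between the two boxes
pfsync_syncpeer="172.16.0.2"     # unicast to the peer instead of multicast
ifconfig_em0="inet 192.0.2.2/24"
ifconfig_em0_alias0="inet vhid 1 pass CHANGE_ME_EXT alias 192.0.2.1/32"
ifconfig_em1="inet 10.0.0.2/24"
ifconfig_em1_alias0="inet vhid 2 pass CHANGE_ME_INT alias 10.0.0.1/32"
ifconfig_em2="inet 172.16.0.1/30"
# On the backup: use its own real addresses (192.0.2.3, 10.0.0.3, 172.16.0.2),
# point pfsync_syncpeer at 172.16.0.1, and add "advskew 100" after each vhid
# so it only becomes master when the primary stops advertising.

# ---- /etc/pf.conf (identical on both routers) ----
ext_if  = "em0"
int_if  = "em1"
sync_if = "em2"
carp_ext = "192.0.2.1"           # shared outside address

# NAT to the shared CARP address, not the box's own address, so a
# synced state is still valid after the other router takes over.
# This replaces the natd/ipfw translation from the original setup.
nat on $ext_if inet from $int_if:network to any -> $carp_ext

block in log on $ext_if

# pfsync carries no authentication: accept it only on the dedicated
# sync link, and do not sync the state of the sync traffic itself.
pass quick on $sync_if proto pfsync keep state (no-sync)

# CARP advertisements on the interfaces that carry a shared address.
pass quick on { $ext_if $int_if } proto carp keep state (no-sync)

# Clients use 10.0.0.1 (the inside CARP address) as their gateway.
pass in  on $int_if inet from $int_if:network to any keep state
pass out on $ext_if inet from $carp_ext to any keep state
```

Because pfsync updates are accepted without authentication, the sync interface should be a crossover cable or an isolated VLAN that carries nothing else.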