setfib+pf

Dimitar Vasilev dimitar.vassilev at gmail.com
Sun Jan 11 12:04:57 PST 2009


2009/1/7 Dimitar Vasilev <dimitar.vassilev at gmail.com>

> Hello,
>
> I'd like to ask on the best options for using setfib and pf in a non-BGP
> environment. I will run 2 uplinks, with VLANs for internal networks and want
> to fail over external links if one of them fails.
> Currently pf supports to the best of my knowledge:
>
> a) rtable - this means I can create the routing tables with setfib and then
> use pass from  .... rtable N (N >1 <16) or give out directly network ranges
> b) route-to - pass in/out on X from ... route-to
> c) packet tagging - I can tag networks and use standalone or through
> routing tags. Anyone aware if it is OK to use /etc/gateways without running
> routed or how can I label routes alternatively?
> d) pass in from route N(192.168.1.1 from example) to... - saw this on
> http://www.mail-archive.com/pf@benzedrine.cx/msg07220.html and requires
> BGP to make tags speak anything but network numbers.
> e) use the VLAN IDs
>
> I'd much appreciate if someone thinks with me for the best options of using
> the setfib features along with pf.
> Thanks!
> Best regards,
> Dimitar Vassilev

Hi, could someone confirm which of the features above are working with
setfib? Seeking for the laziest and most efficient ways.
If no answer received, I will try all of them 2-3 weeks later when my gear
arrives.
Thanks.
Best regards,
Dimitar Vassilev


More information about the freebsd-questions mailing list