Carp Suppression
Brooks Davis
brooks at one-eyed-alien.net
Mon Jun 13 17:40:23 GMT 2005
On Mon, Jun 13, 2005 at 01:35:12PM -0400, Josh Kayse wrote:
> On 6/13/05, Greg Hennessy <Greg.Hennessy at nviz.net> wrote:
> > > We then use
> > > ifstaded to monitor the carp interfaces and shut down
> > > bridging on one of the machines.
> >
> > Spanning tree is a no brainer for such a setup, pfsync takes care of the
> > rest.
> >
> We did not want to go with STP because it would not be a self
> contained solution. Now we can use these firewalls anywhere without
> having to modify any routers, just plug them in inline and it is set.
> We also wanted to stick with FreeBSD because we have a knowledgebase
> already set up for it and we know how to use it. Unfortunately, there
> is no support for STP in freebsd bridging. Yes, I had already looked
> into using pfsync and STP, we also considered just using scripts.
FYI, we have STP via if_bridge in 6.x.
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20050613/339c8e41/attachment.bin
More information about the freebsd-pf
mailing list