redundant ethernet adapters - fault tolerance?
frank at knobbe.us
Sat Jun 25 19:45:47 GMT 2005
On Thu, 2005-06-09 at 10:17 +0200, Martin Pála wrote:
> Is ethernet adapter HA supported in FreeBSD?
> For example on linux it is possible to select active-pasive mode of
> ethernet bonding module (linux alternative). This works perfectly
> (only one interface is active at a time, the other is backup).
I achieved a similar set up (two NIC's and two switches, meshed against
2 routers). My solution as a bit easier. I selected one NIC as the
primary interface. Then I have a script running in the background that
pings the router every 5 seconds. If it does not get a reply it does a
second ping, and should that fail too it does the following:
- it deletes the IP address(es) from the primary interface
- it shuts the primary interface down
- it deletes the default route
- it brings the secondary interface up
- it assigns the IP address(es) to the secondary inteface
- it sets the default route
That's the easy part. Then the script also does:
- runs sed over /etc/rc.conf and replace the primary interface names
with the secondary ones
- runs sed over /etc/ipnat.rules
- runs sed over /etc/ipf.rules
- writes the ipf state table
- runs the ipfs tools on the state and NAT file to change the primary
i/f name to the secondary
- clears the ipfilter state and rule table
- reloads the ipfilter rules
- reloads the ipfilter state and NAT tables
It then swaps interface definitions and resumes the loop, pinging the
router the again.
Works like a charm. Any router, switch or NIC can fail, and the system
will automatically fail-over, even preserving existing TCP sessions in
the firewall state tables.
(Hint: the ipfs tool is broken. I had sent an email to Darren with the
fix. Not sure if that found it's way into the source yet. If you run the
ipfs tools, but can not change interface names, send me an email and
I'll forward the patch to you.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050625/be847d55/attachment.bin
More information about the freebsd-questions