* Felipe Alfaro Solana <[email protected]> [2008-12-05 11:56]:
> While the machine whose CARP interface is in ACTIVE won't have
> problems sending and processing traffic, the OpenBSD machine whose
> CARP interface is in BACKUP will. The machine whose CARP interface is
> in BACKUP will be able to send traffic to the Internet from its public
> IP address, but will not be able to process any response, for example
> to contact an NTP server: the UDP response from the NTP server will
> arrive at both OpenBSD machines (since both are sharing the public IP
> address), but the machine whose CARP interface is BACKUP will likely
> ignore the NTP response. For TCP it is also very similar.

wrong. the machine which is in BACKUP will not be able to send traffic
over that interface or see the replies.
in general, a machine which can only reach its default gateway via a
carp interface which is in BACKUP is doomed as far as internet access
goes (and before someone nitpicks too much: there might be ugly hacks
with pf or tunnels or whatever to make my statement wrong; it is right
for all the "normal" cases tho).

> I have no idea how to deploy a scenario like this, while allowing the
> machine whose CARP interface is in BACKUP to access the Internet.

as simple as it can be; use 3 public IPs. getting these might be a
problem, but that is the only proper solution.

-- 
Henning Brauer, [email protected], [email protected]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
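
The three-address layout recommended in the reply above, sketched as OpenBSD interface files. This is an added example, not part of the original message; the host names fw1/fw2, the interface em0, the vhid, the 192.0.2.0/24 documentation addresses and the password placeholder are all assumptions.

```conf
# Constructed addressing plan (192.0.2.0/24 stands in for the public subnet):
#   192.0.2.1    shared CARP address, the one outside hosts connect to
#   192.0.2.2    fw1's own address
#   192.0.2.3    fw2's own address
#   192.0.2.254  upstream default gateway

# --- fw1: /etc/hostname.em0 ---
inet 192.0.2.2 255.255.255.0 NONE

# --- fw1: /etc/hostname.carp0 ---
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass CHANGE-ME

# --- fw2: /etc/hostname.em0 ---
inet 192.0.2.3 255.255.255.0 NONE

# --- fw2: /etc/hostname.carp0 ---
# Higher advskew than fw1, so fw2 stays BACKUP while fw1 is advertising.
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 advskew 100 pass CHANGE-ME

# --- both machines: /etc/mygate ---
192.0.2.254
```

Because each machine reaches the gateway through its own address on em0, its outbound traffic such as NTP queries leaves from that address and the replies come back to it alone, whatever state carp0 is in.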

