Hi all,

I have a pair of redundant firewalls (obsd 4.6) and a server (fbsd 8.0):

       +---+                      +------+
       |   |                      |      |
   ----+fw1+----------+ +---------+      |
  carp0|   |carp1     | |      em0|      |
       |   |          | |         |      |
       +-+-+        +-+-+-+       |      |
         |          | sw  |       |Server|
       +-+-+        +-+-+-+       | fbsd |
       |   |          | |         |      |
   ----+fw2+----------+ +---------+      |
  carp0|   |carp1              em1|      |
       |   |                      |      |
       +---+          DMZ         +------+

We all know the switch is the single point of failure.
Even worse, when it fails the carp0 pair starts flapping, disturbing
other firewall traffic.
So, how to resolve this?

Trunking would only be possible between 2 boxes, not 3.
Carp on top of trunk?
2 Carp pairs on the firewalls and 1 pair at the server?

If I get it right, the physical LAN should look like this:

       +---+                      +------+
       |   |        +-----+       |      |
   ----+fw1+--------+ sw1 +-------+      |
  carp0|   +--+     +-+-+-+    em0|      |
       |   |  |       |           |      |
       +-+-+  |  +----+           |      |
         |    |  |                |Server|
       +-+-+  +--|------+         | fbsd |
       |   |     |      |         |      |
       |   +-----+  +-+-+-+       |      |
   ----+fw2+--------+ sw2 +-------+      |
  carp0|   |        +-----+    em1|      |
       +---+                      +------+

Switches must have Spanning Tree support (RSTP), so I hope a pair of
Netgear GS108T can do this.

Any proposals highly appreciated,
Axel
---
[email protected]  PGP-Key:29E99DD6  +49 151 2300 9283  computing @
chaos claudius

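As an added illustration (not part of Axel's message or a reply to it), here is what the "CARP on top of trunk" layout from the second diagram looks like in configuration on the versions named: OpenBSD 4.6 trunk(4) in failover mode under the DMZ carp interface on each firewall, and FreeBSD 8.0 lagg(4) in failover mode on the server. Interface names on the firewalls (em1 toward sw1, em2 toward sw2), the 192.0.2.0/24 DMZ prefix, vhid 10 and the CARP password are assumptions made for the example; the server's em0/em1 come from the diagram.

```conf
# ---- fw1 (OpenBSD 4.6) ------------------------------------------------
# /etc/hostname.em1 and /etc/hostname.em2: the two DMZ-facing NICs,
# one cabled to sw1, one to sw2 (names assumed). No address on either.
up

# /etc/hostname.trunk0: failover trunk. Only the first listed port
# (em1, toward sw1) carries traffic; em2 takes over when em1 loses link.
trunkproto failover trunkport em1 trunkport em2
up

# /etc/hostname.carp1: the DMZ CARP address now rides on the trunk,
# so losing one switch no longer takes the carpdev down.
# advskew 0 makes fw1 the preferred master (assumed addressing/vhid).
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 10 carpdev trunk0 pass dmzsecret advskew 0

# /etc/sysctl.conf: fail the firewall over as a unit. With preempt on,
# a carpdev losing link demotes all carp interfaces on this host, so
# carp0 and carp1 move to fw2 together instead of splitting.
net.inet.carp.preempt=1

# /etc/pf.conf: CARP advertisements travel on the carpdev, not on carp1.
pass on trunk0 proto carp

# ---- fw2 (OpenBSD 4.6) ------------------------------------------------
# Identical, except a higher advskew so fw2 only takes over on failure.
# /etc/hostname.carp1
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 10 carpdev trunk0 pass dmzsecret advskew 100

# ---- server (FreeBSD 8.0) ---------------------------------------------
# /boot/loader.conf (only if lagg is not compiled into the kernel)
if_lagg_load="YES"

# /etc/rc.conf: em0 (toward sw1) and em1 (toward sw2) from the diagram,
# joined in a failover lagg. List the sw1-facing port first on every
# host so that, in normal operation, all active ports sit on sw1 and
# the sw1-sw2 interconnect only carries traffic during a failure.
cloned_interfaces="lagg0"
ifconfig_em0="up"
ifconfig_em1="up"
ifconfig_lagg0="laggproto failover laggport em0 laggport em1 192.0.2.10 netmask 255.255.255.0"
defaultrouter="192.0.2.1"
```

Two caveats a practitioner would check before relying on this. First, failover mode in both trunk(4) and lagg(4) reacts to link state only: a switch whose ports stay up but that stops forwarding (or an RSTP port sitting in a blocking state after reconvergence) will not trigger a port switch, so the switch interconnect and RSTP settings deserve a real pull-the-cable test. Second, CARP advertisements for the DMZ pair must be able to cross the sw1-sw2 link, otherwise a partition between the switches produces two masters on the DMZ side, which is the same flapping symptom the post describes, just in a different place.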