From: Frank Knobbe
To: Martin Pála
Cc: freebsd-questions@freebsd.org, archie@freebsd.org
Date: Sat, 25 Jun 2005 14:45:42 -0500
Subject: Re: redundant ethernet adapters - fault tolerance?

On Thu, 2005-06-09 at 10:17 +0200, Martin Pála wrote:
> Is ethernet adapter HA supported in FreeBSD?
>
> For example on linux it is possible to select active-passive mode of
> ethernet bonding module (linux alternative). This works perfectly
> (only one interface is active at a time, the other is backup).

I achieved a similar setup (two NICs and two switches, meshed against 2
routers). My solution is a bit easier.

I selected one NIC as the primary interface. Then I have a script
running in the background that pings the router every 5 seconds. If it
does not get a reply it does a second ping, and should that fail too it
does the following:

- it deletes the IP address(es) from the primary interface
- it shuts the primary interface down
- it deletes the default route
- it brings the secondary interface up
- it assigns the IP address(es) to the secondary interface
- it sets the default route

That's the easy part. Then the script also does:

- runs sed over /etc/rc.conf and replaces the primary interface names
  with the secondary ones
- runs sed over /etc/ipnat.rules
- runs sed over /etc/ipf.rules
- writes the ipf state table
- runs the ipfs tools on the state and NAT file to change the primary
  i/f name to the secondary
- clears the ipfilter state and rule table
- reloads the ipfilter rules
- reloads the ipfilter state and NAT tables

It then swaps interface definitions and resumes the loop, pinging the
router again.

Works like a charm. Any router, switch or NIC can fail, and the system
will automatically fail-over, even preserving existing TCP sessions in
the firewall state tables.

(Hint: the ipfs tool is broken. I had sent an email to Darren with the
fix. Not sure if that found its way into the source yet. If you run the
ipfs tools, but can not change interface names, send me an email and
I'll forward the patch to you.)

Cheers,
Frank
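
The "easy part" of the procedure in the message above (the double-ping check, the interface and route swap, and the role swap before the loop resumes), as an added example that is not Frank's script. The interface names, the 192.0.2.x addresses and every variable and function name are assumptions made for illustration; the ping flags are FreeBSD's, and the rc.conf and ipfilter steps are left out.

```shell
#!/bin/sh
# Added example, not the script from the message. Interface names, addresses
# and all variable/function names are assumptions made for illustration.
PRIMARY=${PRIMARY:-em0}              # constructed interface names
SECONDARY=${SECONDARY:-em1}
ADDRS=${ADDRS:-192.0.2.10/24}        # space-separated list, constructed
ROUTER=${ROUTER:-192.0.2.1}          # constructed default gateway
PING_CMD=${PING_CMD:-"ping -c 1 -t 2"}   # FreeBSD: one probe, 2 s timeout
DRY_RUN=${DRY_RUN:-1}                # 1 = print commands instead of running

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# The router counts as down only after two consecutive failed pings.
router_alive() {
    $PING_CMD "$ROUTER" >/dev/null 2>&1 || $PING_CMD "$ROUTER" >/dev/null 2>&1
}

# Move addresses and default route to the standby NIC, in the order the
# message lists, then swap roles so the loop can fail back the same way.
failover() {
    for a in $ADDRS; do run ifconfig "$PRIMARY" inet "$a" -alias; done
    run ifconfig "$PRIMARY" down
    run route delete default
    run ifconfig "$SECONDARY" up
    for a in $ADDRS; do run ifconfig "$SECONDARY" inet "$a" alias; done
    run route add default "$ROUTER"
    tmp=$PRIMARY; PRIMARY=$SECONDARY; SECONDARY=$tmp
}

# Check every 5 seconds; the rc.conf and ipfilter steps would go after failover.
monitor() {
    while :; do
        router_alive || failover
        sleep 5
    done
}

# Start the loop only when asked to: sh failover.sh monitor
if [ "${1:-}" = monitor ]; then monitor; fi
```

With the default DRY_RUN=1 the script only prints the ifconfig and route commands it would issue, so the ordering can be reviewed before it is allowed to touch a live interface.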