Date: Mon, 13 Jun 2005 13:35:12 -0400
From: Josh Kayse <josh.kayse@gmail.com>
To: Greg Hennessy <Greg.Hennessy@nviz.net>
Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: Carp Suppression
Message-ID: <7c8f27920506131035841d5d0@mail.gmail.com>
In-Reply-To: <20050613165202.51063DA@gw2.local.net>
References: <7c8f2792050613090040c924c3@mail.gmail.com> <20050613165202.51063DA@gw2.local.net>

On 6/13/05, Greg Hennessy <Greg.Hennessy@nviz.net> wrote:
>
> > The reason we are using CARP on a PLIP interface is to allow
> > us to have redundant connections between 2 transparent
> > bridging firewalls.
>
> CARP is not going to work with a layer 2 firewall.

It's running over the PLIP interface and the crossover cable.
ifstated will change the advskew of the carp interfaces if one of the
bridging interfaces goes down.

>
> > Instead of sending packets over our network, we isolate them
> > onto a PLIP interface and crossover interface.
>
> That's not going to work on a point to point connection, the other party
> cannot see the carp traffic.
> never mind the overhead that running plip puts on a system, a length of
> baling twine would make for a better physical transport.

Both firewalls can see the carp information over the PLIP connection,
so I assume it works. And it wasn't my choice to use the plip
interface.

>
> > We then use
> > ifstated to monitor the carp interfaces and shut down
> > bridging on one of the machines.
>
> Spanning tree is a no brainer for such a setup, pfsync takes care of the
> rest.
>

We did not want to go with STP because it would not be a self-contained
solution. Now we can use these firewalls anywhere without
having to modify any routers, just plug them in inline and it is set.
We also wanted to stick with FreeBSD because we have a knowledgebase
already set up for it and we know how to use it. Unfortunately, there
is no support for STP in freebsd bridging.

Yes, I had already looked into using pfsync and STP, we also
considered just using scripts.

Anyway, I don't want to try and defend myself on our setup. We have
everything working now and I just wanted to let others know how they
could use carp over PLIP if they so needed to.

> http://www.seattlecentral.edu/~dmartin/docs/bridge.html
>
>
>
> Greg
>
>
> >
> > I will refrain from submitting any code to the community in
> > the future.
> >
> > On 6/13/05, Yar Tikhiy <yar@comp.chem.msu.su> wrote:
> > > On Mon, Jun 13, 2005 at 10:10:54AM -0400, Josh Kayse wrote:
> > > > One last comment,
> > > >
> > > > I managed to fix it so that carp runs on the plip interface by adding:
> > > > ifp->if_flags = LINK_STATE_UP;
> > > >
> > > > Here is the diff:
> > > >
> > > > diff -Nur /usr.orig/src/sys/dev/ppbus/if_plip.c > > /usr/src/sys/dev/ppbus/if_plip.c > > > > --- /usr.orig/src/sys/dev/ppbus/if_plip.c Wed Sep > > 15 11:14:18 2004 > > > > +++ /usr/src/sys/dev/ppbus/if_plip.c Mon Jun 13 10:05:56 2005 > > > > @@ -359,6 +359,7 @@ > > > > > > > > ppb_wctr(ppbus, IRQENABLE); > > > > ifp->if_flags |=3D IFF_RUNNING; > > > > + ifp->if_flags =3D LINK_STATE_UP; > > > > } > > > > break;
> > > >
> > > I'm afraid you're totally wrong here.
> > >
> > > First, I can't see how CARP is supposed to work on a PLIP interface or
> > > any point-to-point interface at all. CARP is for broadcast
> > > interfaces, such as Ethernet or FDDI, which do ARP. You seem to miss
> > > the point.
> > >
> > > Second, you can't store an arbitrary value into a variable or field
> > > and expect the things to work right. LINK_STATE_UP simply is not for
> > > ifp->if_flags. Please make yourself familiar with the basics of
> > > computer programming before offering your patches to the community.
> > >
> > > --
> > > Yar
> > >
> >
> >
> > --
> > Joshua Kayse
> > Computer Engineering
> > _______________________________________________
> > freebsd-pf@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
> >
> >
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

--
Joshua Kayse
Computer Engineering
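
Review bot: In the `@@ -359,6 +359,7 @@` hunk of if_plip.c, the added line assigns with `=` where the line directly above it uses `|=`, so `ifp->if_flags = LINK_STATE_UP;` replaces the whole flags word and throws away the `IFF_RUNNING` bit set one line earlier, together with every other flag already held in `if_flags`. `LINK_STATE_UP` is a link-state value, not an `IFF_*` flag bit, so switching to `|=` would only set whichever interface flag happens to share its numeric value. Record the link state in the interface's link-state field (`if_link_state`) rather than in `if_flags`, and keep the `IFF_RUNNING` line as the only write to the flags in this branch.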