From owner-freebsd-questions@FreeBSD.ORG Thu Dec 15 05:35:35 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 72F66106564A for ; Thu, 15 Dec 2011 05:35:35 +0000 (UTC) (envelope-from vas@mpeks.tomsk.su) Received: from relay2.tomsk.ru (relay2.tomsk.ru [212.73.124.8]) by mx1.freebsd.org (Postfix) with ESMTP id B05F68FC1D for ; Thu, 15 Dec 2011 05:35:34 +0000 (UTC) X-Virus-Scanned: by clamd daemon 0.93.1 for FreeBSD at relay2.tomsk.ru Received: from admin.sibptus.tomsk.ru (account sudakov@sibptus.tomsk.ru [212.73.125.240] verified) by relay2.tomsk.ru (CommuniGate Pro SMTP 5.1.13) with ESMTPSA id 22609379 for freebsd-questions@freebsd.org; Thu, 15 Dec 2011 12:35:32 +0700 Received: from admin.sibptus.tomsk.ru (sudakov@localhost [127.0.0.1]) by admin.sibptus.tomsk.ru (8.14.5/8.14.5) with ESMTP id pBF5ZW4m060262 for ; Thu, 15 Dec 2011 12:35:32 +0700 (NOVT) (envelope-from vas@mpeks.tomsk.su) Received: (from sudakov@localhost) by admin.sibptus.tomsk.ru (8.14.5/8.14.5/Submit) id pBF5ZWSb060261 for freebsd-questions@freebsd.org; Thu, 15 Dec 2011 12:35:32 +0700 (NOVT) (envelope-from vas@mpeks.tomsk.su) X-Authentication-Warning: admin.sibptus.tomsk.ru: sudakov set sender to vas@mpeks.tomsk.su using -f Date: Thu, 15 Dec 2011 12:35:32 +0700 From: Victor Sudakov To: freebsd-questions@freebsd.org Message-ID: <20111215053532.GA60131@admin.sibptus.tomsk.ru> References: <20111214050959.GA34547@admin.sibptus.tomsk.ru> <4EE857D3.2060504@gmail.com> <20111214092557.GB38586@admin.sibptus.tomsk.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Organization: AO "Svyaztransneft", SibPTUS X-PGP-Key: http://www.livejournal.com/pubkey.bml?user=victor_sudakov X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: carp(4) on FreeBSD 8.2 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2011 05:35:35 -0000 Matt Mullins wrote: > I've used carp very successfully in the past, both in the standard > mode and ARP load-balancing mode, to build fail-over sets of > firewalls. It worked well enough that one of our firewalls was down > for a week before we noticed (and none of our clients did). I just > did a mock-up of your scenario on a system at home (using the GENERIC > kernel), and it seemed to work for me. > > I see you have a managed switch; you might see if some features like > port security are disabled for that port. It turned out even more interesting. The lab is virtual, and promiscuous mode was prohibited in the virtual NICs' properties on the hypervisor. Thanks to all who responded. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:sudakov@sibptus.tomsk.ru