Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 5 Dec 2007 11:49:35 -0800
From:      "Michael K. Smith - Adhost" <mksmith@adhost.com>
To:        <questions@FreeBSD.org>
Subject:   PF - Carp and vhid limitations
Message-ID:  <17838240D9A5544AAA5FF95F8D52031602E54396@ad-exh01.adhost.lan>
next in thread | raw e-mail | index | archive | help 

--PGP_Universal_B7016C92_096A971C_B8FC0AEF_3200D5CE
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: QUOTED-PRINTABLE

Hello All:

I'm interested in using PF to front a web farm where there will be lots of =
static IP addresses for SSL affinity.  As such, I expect to have many more =
than 255 CARP interfaces.  But, as I understand it, I'm limited to 255 vhid=
's and I have to have a discreet vhid per CARP interface.

Is there a way to configure my CARP interfaces such that I can get around t=
his limitation?  Right now, I configure everything as:

ifconfig_carp5=3D"inet 192.168.1.2 netmask 255.255.255.192 vhid 5 advskew 0=
 pass mypass"
ifconfig_carp6=3D"inet 192.168.1.3 netmask 255.255.255.192 vhid 6 advskew 0=
 pass mypass"

and so on.

I'm wondering if there is a way to alias IP addresses in the same subnet "i=
fconfig_carp5_alias" or something similar.  It seems like there is a reuse =
mechanism in OpenBSD because you can associate a carpdev to the entry, but =
I don't see that in FreeBSD.

Regards,

Mike
--
Michael K. Smith, GISP
mksmith@adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3  08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)



--PGP_Universal_B7016C92_096A971C_B8FC0AEF_3200D5CE
Content-Type: application/pgp-signature;
	name="PGP.sig"
Content-Transfer-Encoding: 7BIT
Content-Disposition: attachment;
	filename="PGP.sig"

-----BEGIN PGP SIGNATURE-----
Version: 9.7.0 (Build 867)

iQEVAwUBR1cAz/TXQhZ+XcVAAQjRKwgAkb/FAvgP95CYZI1rhUZljuB8EHeYkW8U
1GbF29IjINjR6h7z6oEsnyWc5b811MACab6wVebgCz5BHURJIDEAhzVjDE32tis8
XiBO3ZjsmHtuA3ECXcXurIpDbOTAr08xrPuAPj6YCPRuiR3/Yoa9BH0Zpf2Ph2ZI
md+ymNt8rVxomqHGBdUK8+ZiqnAymRu8kgV5K2t8To/5wUejUPhkXZkDl8MN3hMW
kmkLOSx4799bQaB1NME2hoYQ3HUwQBCABWXEI+cbhb0E5BmWHWP1VsDjLtR1jL2B
72cOfY+7ubcdbTxhj/yXK+MuFAVdNxKyB+GuJq9BTtnXUQS5JUoPuw==
=+JGb
-----END PGP SIGNATURE-----

--PGP_Universal_B7016C92_096A971C_B8FC0AEF_3200D5CE--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17838240D9A5544AAA5FF95F8D52031602E54396>