As it stands right now, IM deals with them interfaces as separate... hence no way to "pair" them up. Solutions:
1. The Packetshaper box itself would have to identify the interfaces as a single (virtual) interface. I know some vendors do this with an "redundant ethernet interface" (which is logical, but represents the status of the 2 links.. as long as 1 is up, the interface is considered 'up', and hence is tracked in IM as a single port). Don't track the physical, just track the "rethX' logical. I don't know if the Packetshaper boxes can be setup in HA mode and thus reflect only a single interface, tho... YMMV. 2. Get the Firewall vendor not to "Drop Link" on passive interfaces.. Instead, keep the Link up, but block in/out instead. Might be worthwhile to discuss this with your Vendor - i.e. Explain your situation to your Firewall Vendor, and the havoc it causes on connected equipment when they "link down" things. I'm sure they have other customers who run into the same problem. 3. Use a different firewall that doesn't drop link on passive interfaces. (ie. Juniper SRX in HA mode... plug..plug.. =)..) 4. IM Feature request =).. "Hey IM, see this interface on this box? pair it with this interface on this other box (or same box if it's a virtual-chassis).".. Much coding required tho. - Chris. On 2012-01-19, at 8:08 AM, Matt Richard wrote: > Hello Intermapper Fans, > > Our Internet connection has a partial mesh topology for connecting our core > routers to the Internet. Each firewall + Packetshaper set is configured in > an active/passive mode. (see the image below, if it makes it out to the list) > > When a firewall changes state from active to passive, it brings down its > inside and outside interfaces to prevent loops. So even though we're fully > connected to the Internet, the passive side will always have a bunch of links > down. > > I'd like a way to define a group of interfaces as a redundant group (such as > "eth19" on both routers, or "Outside" on both Packetshapers). As long as at > least one of the group is up, the map is happy and managers don't ask a lot > of questions. As it is now, any time we do maintenance we need to > acknowledge the interfaces on the standby side before the managers see the > map. > > Is this something we can do today, or does it look like a feature request? > > Thanks, > Matt > > http://img853.imageshack.us/img853/6757/internetu.jpg > > > -- > Matt Richard '08 > Access and Security Coordinator > Franklin& Marshall College > [email protected] > > ____________________________________________________________________ > List archives: > http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ > To unsubscribe: send email to: [email protected] > ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [email protected]
