On Tue, May 13, 2014 at 4:58 AM, Magnus <mag...@tokra.org> wrote:
> Hello Misc-Users,
>
> I'm looking into the possibility to do multihoming (more than one isp)
> on a Carp setup.
> To do live failover if one isp goes down, the other takes over.
> Just as carp does if one of the routers goes down.

You can do this with OpenBGPd, but CARP can only fail out between two routers sharing the same IP (at its most basic setup, more complicated setups are possible, obviously). If both ISPs are routing to the same netblock, then you can fail in the way you want. Otherwise, take a look at ifstated(8), and modify your routing tables or do dynamic routing.

> I'm thinking that in combination with ifstated it might be possible, but
> have yet to find someone that has actually done it so far.

A solution I've used in the past is a controlled endpoint that represents the exit for the network. The ISPs acted as pure transit for the external network, the VPN carried to a common end point(s).

> Next issue if the first one is possible.
>
> The proposed router in question is an IPSEC gateway, with several nodes
> connected to it.
> Fail over here with just the carp and one isp is no issue.
> But if the remote node has only one isp, and it has no carp or such,
> it's just a plain obsd box running a site-to-site tunnel,
> routing everything (0.0.0.0/0) over the tunnel.
> How would one manage to do a failover to the second isp of the above
> box, without loss of the tunnel during fail over.

Take a look at sasyncd(8).
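
An added example of the ifstated(8) approach mentioned above (not from the thread or either poster): an ifstated.conf that moves the default route between two ISP next hops. The addresses are documentation-range placeholders, and both next hops are assumed to sit on directly connected networks so each probe always leaves through its own link.

```conf
# /etc/ifstated.conf (added example, not from the thread)
# Assumed placeholders: 192.0.2.1 is the ISP1 next hop,
# 198.51.100.1 is the ISP2 next hop. Replace with real gateways.

init-state auto

# External tests, rerun every 10 seconds; true when ping exits 0.
isp1_ok = '( "ping -q -c 1 -w 1 192.0.2.1 > /dev/null" every 10 )'
isp2_ok = '( "ping -q -c 1 -w 1 198.51.100.1 > /dev/null" every 10 )'

# Startup: pick a state from what is reachable right now.
# If neither gateway answers, stay here and keep probing.
state auto {
	if $isp1_ok
		set-state primary
	if ! $isp1_ok && $isp2_ok
		set-state backup
}

# ISP1 carries the default route while its next hop answers.
state primary {
	init {
		run "route change default 192.0.2.1"
	}
	# Leave only when ISP2 is actually usable, to avoid
	# swapping one dead path for another.
	if ! $isp1_ok && $isp2_ok
		set-state backup
}

# ISP2 carries the default route until ISP1 recovers.
state backup {
	init {
		run "route change default 198.51.100.1"
	}
	if $isp1_ok
		set-state primary
}
```

The syntax can be checked without starting the daemon by running `ifstated -n -f /etc/ifstated.conf`.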