> > 10.0.0.1 is master of CARP 10.0.0.3 and 10.0.0.2 is master of CARP
> > 10.0.0.4.
> > Then, use rdr load balancing on the firewall to hit the .3/.4 CARP
> > addresses, instead of the server addresses.
> >
> At first glance this looks like it would work

Yes, this works nicely.

> It might work, but carp itself has a basic load balance (based on
> hashes of the source IP) in itself.

Not quite: based on hashes of source *MAC*. Thus, it's only useful within a subnet. OK for routers but not so useful for internet web servers.
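The point about source-MAC hashing, as an added illustration that is not part of the original thread: a balancer keyed on source MAC sees one MAC (the upstream router's) for every internet client, so all of that traffic lands on a single node, while hosts on the same subnet spread out. The hash below is a SHA-256 stand-in and not CARP's actual algorithm; the router MAC and client addresses are constructed sample values.

```python
import hashlib
from collections import Counter

def pick_node(src_mac: str, nodes: list[str]) -> str:
    """Choose a node from the source MAC only.

    Stand-in hash (SHA-256) used for illustration; this is an assumption,
    not the hash CARP itself uses.
    """
    digest = hashlib.sha256(src_mac.lower().encode()).digest()
    return nodes[int.from_bytes(digest[:4], "big") % len(nodes)]

def distribution(frames, nodes) -> Counter:
    """Count frames per node. frames: (src_ip, src_mac) pairs as seen on
    the servers' Ethernet segment. The source IP is deliberately ignored,
    which is exactly why routed traffic does not balance."""
    return Counter(pick_node(mac, nodes) for _ip, mac in frames)

NODES = ["10.0.0.1", "10.0.0.2"]   # the two servers from the thread
ROUTER_MAC = "02:00:00:00:00:fe"   # constructed: the firewall's inside MAC

# Constructed sample: 200 internet clients. Each has its own IP, but every
# frame reaches the server segment with the router's MAC as its source.
internet = [(f"198.51.100.{i}", ROUTER_MAC) for i in range(1, 201)]

# Constructed sample: 200 hosts on the servers' own subnet, one MAC each.
lan = [(f"10.0.0.{i}", f"02:00:00:00:01:{i:02x}") for i in range(10, 210)]

if __name__ == "__main__":
    print("routed internet clients:", dict(distribution(internet, NODES)))
    print("same-subnet clients:    ", dict(distribution(lan, NODES)))
```
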