> -----Original Message----- > >> -----Original Message----- > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > >Of > >> Rod Whitworth > >> Sent: Tuesday, October 28, 2008 11:49 PM > >> To: Miscellaneous OBSD > >> Subject: Deploying carp with limited global IPs > >> > >> In preparing for a possible carp redundacy setup for a client's border > >> router/firewall I have found no information so far as to whether it is > >> possible to have carp working where the link to the ISP is a /30. > >> > >> Every example I have found in presentations and tutorials has used 3 > >> IPs on a typical dual firewall setup. So they assume (all fictional > >> addresses here) something like 4.3.2.1 is the upstream router, with .2 > >> for the $ext_if in unit 1, .3 for $ext_if in unit 2 and .4 for the > >> carp0 in each. > >> > >> With a common enough point-to-point /30 link where upstream is .1 and > >> the firewall is .2, what can we use in hostname.xx0 in each of the > >> firewalls? No more IPs are available from the ISP apart from a routed > >> subnet that is expecting to arrive via .2. > > > >I've used the following for a while (naturally this assumes that the ISP > >link is delivered via some shared medium and not a point-to-point link) > > > >/etc/hostname.xxx0: > >up description "to ISP" > > > >/etc/hostname.carp0: > >inet 192.168.1.2 255.255.255.252 192.168.1.3 vhid 1 carpdev xxx0 > > Sorry, but I don't get what your suggestion can do for the case I > proposed. > Maybe I'm dense. > Assuming my link is 4.3.2.0/30 the upstream router is 4.3.2.1 and I > have no choice but to use 4.3.2.2 as my $ext_if. How does that work > with your example?
I must be missing something then. Why not use 4.3.2.2 as the carp interface IP and no IP address on the physical interfaces? I'm not sure how well this will play with OpenBGPD, someone else will have to chime in there. -Steve S.
