We have setup carp on a pair of firewalls and are a bit confused with
how both LAN/WAN interfaces are meant to fail-over simultaneous
(group?). We are still in the process of getting the firewall rules
setup correctly for our environment and occasionally when we make
changes to (fw1) we mess up and carp kicks in and makes the live wan
(em2) interface move from fw1 to fw2. This is OK but on the LAN side the
(em0) interface is still on fw1?
We have net.inet.carp.preempt=1 set and I belive this is ment to do some
group interface failover but can't see how. Can someone help ?
+----| WAN |----+
| |
em2| |em2
+-----+ +-----+
| fw1 |-em1----------em1-| fw2 |
+-----+ +-----+
em0| |em0
| |
---+------- LAN -------+---
Thanks
Keith
