two bridges on an etherchannel link

2004-12-13 Thread Alain
Hi,
I'm working on a high availability bridged firewall solution.
Would it be possible to put two OpenBSD bridged firewalls on an 
etherchannel link (between two Cisco switches) and let the switch manage 
the failover?

Thanks,


Re: pfsync, carp, transparent bridge

2004-09-10 Thread Alain
I read that "each carp group has a virtual MAC (link layer) address" 
http://www.countersiege.com/doc/pfsync-carp/
So if you give an IP address to each bridge, it should work?
And for pfsync, a dedicated network interface with a crossover cable 
should work too?

Am I wrong?

Sean wrote:
Lyle Worthington wrote:

Our firewall is ipless, all traffic just runs through it because it is
the only way in or out of our network.  

CARP and pfsync both need IPs to operate. In pfsync's case, it'll use
multicast or a unicast address. For CARP, failover is on a per IP basis
and CARP'ed addresses require an address on an existing interface.
cheers,
Sean




Re: is amd64 a good choice ?

2004-09-01 Thread Alain
Hi Markus and Henning,
Can you give me your opinion about the choice between amd64 and i386 for 
an OpenBSD/pf firewall?

As Cedric said, is amd64 better because it can use more than 768M for 
kernel memory?
Are there other advantages?

Thanks,
Alain

Markus Friedl wrote:
On Wed, Sep 01, 2004 at 11:13:11AM +0200, Mipam wrote:
present in OpenBSD, HT will prove useful as well. Of course it will 
require a rewrite of the network stack from running under 
the single Giant kernel lock to permitting it to run in a fully parallel 
manner on multiple CPUs (as is being done in fbsd). Maybe pf need changing 

this will not happen in the near future.




is amd64 a good choice ?

2004-09-01 Thread Alain
Hello,

We're working on an OpenBSD/pf based GigE firewall.
I would like to know if amd64 is a good architecture choice. 
Will it be better than i386?

In the pf developer interview, a 64-bit architecture is recommended, but
they don't really explain why.

Thanks,
Alain