[Seattle-SAGE] VRRP or CARP on a bridge interface?

Atom Powers atom.powers at gmail.com
Wed Dec 7 12:50:38 PST 2005


I want a firewall between the 'net and my dmz, but I don't want to put
another router in there. So I figured I would use a bridge, but I
would like to have some redundancy in there.

CARP, with pfsync, should be able to do firewall redundancy quite nicely.

Actually, I may have to use routers; or static routes on all the servers (ick).

On 12/7/05, Cere Davis <ceremona at gmail.com> wrote:
> I like the nature of your question but have a hard time answering it without
> understanding the motivation for it.  Could you explain what you are trying
> to do?   Two firewalls (for failover/loadbalancing) with CARP?
>
>
> On 12/7/05, Atom Powers <atom.powers at gmail.com> wrote:
> >
> > Does anybody have experience with CARP and/or VRRP to make bridging
> > firewalls redundant?
> >
> > Would spanning-tree be sufficient to prevent a broadcast storm? (With
> > or without CARP/VRRP.)
> >
> > --
> > --
> > Perfection is just a word I use occasionally with mustard.
> > --Atom Powers--
> > _______________________________________________
> > Members mailing list
> > members at lists.seattle-sage.org
> > http://lists.seattle-sage.org/mailman/listinfo/members
> >
>
>
>
> --
> Cere Davis
> ceremona at gmail.com
> -------------------
> GPG Key:   http://staff.washington.edu/cere/pubkey.asc
> GPG fingerprint (ID# 73FCA9E6) : F5C7 627B ECBE C735 117B  2278 9A95 4C88
> 73FC A9E6
>
>


--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--




More information about the Members mailing list