WolfSec-Support
2013-05-17 11:50:26 UTC
Hello,
found nothing useable till now.
setup in place / clear for me:
- 2 boxes in HA setup / CARP IP only in LAN
- all connections to both boxes via vlans in a failover LAGG on 2 nics per box
- 2 cheap internet links via 2 different providers (cable and pppoe)
- vlan 100 for cable modem (internet A via DHCP)
- vlan 200 for connection to DSL modem internet B
- both boxes see all vlans (LAN and Internet 2x + sync interface)
- all traffic goes trough box master
- box slave only if box master fails completely
wished functionality / setup:
- internet A for all other traffic (surfing / email / vpn) / traffic X
- internet B for a subnet (official IP's of voip provider) only / traffic Y
- so to have no dynamic balancing
- slavebox will be only used if master box fails completely
- masterbox sends all traffic (X and Y) via internet A if internet B
fails / vice versa via Internet B if internet A fails
known:
- internal CARP IP / external not, so:
- sure, internet is NOT stateful in this setup in a case of failover
- VPN will go down and up in case of failover - so also not stateful
version a)
- internet A on both boxes via DHCP (official IP's)
- internet B on master box via PPPoE ( 1 official IP)
- slave box is NOT using PPPoE connection, untill box master fails
- if box master comes back, box slave will disconnect PPPoE, after box
master is up AND running AND back the active CARP MASTER member
- so LAN "CARP BACKUP" can trigger PPPoE down
version b)
same as a)
exception: if PPPoE failover is NOT possible,
- to put in front of PPPoE a cheap DSL-NAT-router
- same setup but internet B is now also via DHCP (different 192.168.x.y/24 net)
- so both boxes have permanent access via internet A and B via DHCP
(sure, in different subnets)
any hints are welcome
thanks in advance
stephan
found nothing useable till now.
setup in place / clear for me:
- 2 boxes in HA setup / CARP IP only in LAN
- all connections to both boxes via vlans in a failover LAGG on 2 nics per box
- 2 cheap internet links via 2 different providers (cable and pppoe)
- vlan 100 for cable modem (internet A via DHCP)
- vlan 200 for connection to DSL modem internet B
- both boxes see all vlans (LAN and Internet 2x + sync interface)
- all traffic goes trough box master
- box slave only if box master fails completely
wished functionality / setup:
- internet A for all other traffic (surfing / email / vpn) / traffic X
- internet B for a subnet (official IP's of voip provider) only / traffic Y
- so to have no dynamic balancing
- slavebox will be only used if master box fails completely
- masterbox sends all traffic (X and Y) via internet A if internet B
fails / vice versa via Internet B if internet A fails
known:
- internal CARP IP / external not, so:
- sure, internet is NOT stateful in this setup in a case of failover
- VPN will go down and up in case of failover - so also not stateful
version a)
- internet A on both boxes via DHCP (official IP's)
- internet B on master box via PPPoE ( 1 official IP)
- slave box is NOT using PPPoE connection, untill box master fails
- if box master comes back, box slave will disconnect PPPoE, after box
master is up AND running AND back the active CARP MASTER member
- so LAN "CARP BACKUP" can trigger PPPoE down
version b)
same as a)
exception: if PPPoE failover is NOT possible,
- to put in front of PPPoE a cheap DSL-NAT-router
- same setup but internet B is now also via DHCP (different 192.168.x.y/24 net)
- so both boxes have permanent access via internet A and B via DHCP
(sure, in different subnets)
any hints are welcome
thanks in advance
stephan