[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Redundant interfaces

In article <[🔎] 170301198700.20020911105348@milliways.cl> 
smartin@milliways.cl writes:
>I have installed and configured a firewall using woody and the
>standard 2.4.18 kernel that comes with it. I am using iptables.
>
>The server has 2 interfaces, and I now have the requirement of setting
>it up so that the 2 interfaces have the same IP, so in case one of the
>cards, or associated hardware, goes down then the firewall stays
>visible.

Using the same IP on multiple interfaces on different segments works
just fine.  (Except dhcpd, which doesn't understand this configuration.)
Proxy arp routing is used, so no other system needs to know about this.

For backup use, I'd configure them both with the same ethernet address
and leave one down until it looks like the other has failed.  However,
I wouldn't recomend this configuration, since it adds additional
possible failures (of the switch code) when the situation being
allowed for is unlikely.  If you are that parinoid, you should have
duplicate segments throughout your network.

-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden
Reply to: