Re: ISP Design validation and questions
Henry-Nicolas Tourneur wrote:

> Currently, that's a very important part for me. I was told that using
> either VRRP or ethernet bonding, I will get one single virtual mac
> address. So in both cases, server or firewalls won't need to update
> their arp table because the matching virtual mac -> ip address will

Yes, that's right.

> Therefore, the question would be: what is going to happen in order to
> update automatically the mac table on switches?

You'll want to speak some variant of STP on the switches. But that's not
rocket science - we have quite a few Red Hat HA-Clusters running their
internal LAN over a pair of pretty "stupid" Intellinet switches and it
"just works" - can pull a cable without losing more than one ping.

> Another question:
> If I don't use arp options, my ethernet bonding will only be carrier
> sense, no? If I want it to test the complete path to the firewalls and
> switch to the other interface if the path fails, I should use those
> options, correct?

Yes, the arp_* options do add some minimal level of security, though I
have not yet encountered a scenario where they were really needed.
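
The carrier-sense versus ARP-path distinction discussed above can be checked on a running host. This is an added example, not part of the original thread: it assumes the Linux bonding driver's sysfs attributes `miimon`, `arp_interval` and `arp_ip_target` under `/sys/class/net/<bond>/bonding`, and the function name and the result labels are made up for this example.

```shell
#!/bin/sh
# Classify how a Linux bond detects link failure, from its sysfs directory.
# Usage: bond_monitor_mode /sys/class/net/bond0/bonding
# Prints one of (labels invented for this example):
#   arp-path       ARP probes to at least one target: tests the path, not just the cable
#   arp-no-target  ARP monitoring enabled but no target set: nothing is probed
#   carrier-only   MII polling only: a dead switch uplink or firewall goes unnoticed
#   none           no link monitoring configured: the bond will never fail over
bond_monitor_mode() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "error"
        return 1
    fi

    # Each attribute is a small text file; treat missing or empty as 0.
    miimon=$(cat "$dir/miimon" 2>/dev/null || echo 0)
    arp_interval=$(cat "$dir/arp_interval" 2>/dev/null || echo 0)
    # arp_ip_target holds zero or more addresses separated by whitespace.
    targets=$(cat "$dir/arp_ip_target" 2>/dev/null | tr '\n' ' ' \
              | sed 's/^ *//; s/ *$//')

    if [ "${arp_interval:-0}" -gt 0 ] && [ -n "$targets" ]; then
        echo "arp-path"
    elif [ "${arp_interval:-0}" -gt 0 ]; then
        echo "arp-no-target"
    elif [ "${miimon:-0}" -gt 0 ]; then
        echo "carrier-only"
    else
        echo "none"
    fi
}

# When run directly with a path argument, report on that bond.
if [ $# -gt 0 ]; then
    bond_monitor_mode "$1"
fi
```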