Re: ISP Design validation and questions

Henry-Nicolas Tourneur wrote:
Currently, that's a very important part for me. I was told that using either VRRP or Ethernet bonding, I will get one single virtual MAC address. So in both cases, servers or firewalls won't need to update their ARP table because the matching virtual MAC -> IP address will stay valid.

Yes, that's right.

Therefore, the question would be: what is going to happen in order to automatically update the MAC table on switches?

You'll want to speak some variant of STP on the switches. But that's not rocket science - we have quite a few Red Hat HA-Clusters running their internal LAN over a pair of pretty "stupid" Intellinet switches and it "just works" - can pull a cable without losing more than one ping.

Another question:
If I don't use ARP options, my Ethernet bonding will only be carrier sense, no? If I want it to test the complete path to the firewalls and switch to the other interface if the path fails, I should use those options, correct?

Yes, the arp_* options do add some minimal level of security, though I have not yet encountered a scenario where they were really needed.


