Re: Solaris IPMP + Spanning Tree & PIX w/Failover

From: Nick Allen (jnallen@swbell.net)
Date: 04/22/03

• Next message: Bill Unruh: "Re: unix passwords"
• Previous message: Alan J Rosenthal: "comp.security.unix and comp.security.misc frequently asked questions"
• In reply to: phusnikn: "Solaris IPMP + Spanning Tree & PIX w/Failover"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Nick Allen" <jnallen@swbell.net>
Date: Tue, 22 Apr 2003 16:17:01 GMT

"phusnikn" <phusnikn@cynikal.net> wrote in message
news:zF2pa.15301$7M5.1077446@twister.nyc.rr.com...
> I'm doing switch redundancy using spanning tree, & IPMP (IP Multipathing)
on
> my solaris boxes each interface is going into seperate switch i'm running
> into an issue where if a firewall goes down the failover firewall comes
up,
> it stops sending packets to one of the switches basically the switch will
be
> down but to the host connected it, it looks up so IPMP will not failover
the
> interface and send traffic over the other interface over the 'good switch'
> is there any workaround for this ? ie. Can I have it so that the switch
> automatically downs all interfaces on that switch ? or have IPMP some how
do
> some magic and failover once this switch is no longer getting packets ?

If the IPMP interface never looses link, then the switch has not failed.
Your secondary firewall might be preventing you from talking. I think the
test you should be looking at is: What does the "standby" link of the
spanning tree do when the primary firewall fails. If it stays down, then no
traffic will use it. Now, I've never seen spanning tree using firewalls,
I've only seen it connecting routers. I'm not saying it won't work, just if
it does, then there may be some differences.

Nick

• Next message: Bill Unruh: "Re: unix passwords"
• Previous message: Alan J Rosenthal: "comp.security.unix and comp.security.misc frequently asked questions"
• In reply to: phusnikn: "Solaris IPMP + Spanning Tree & PIX w/Failover"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: One workstation cant access email from ISP - CROSSPOST ... Remove or disable the ISA Firewall client. ... Ethernet adapter Wireless Network Connection: ... Switch is nothing more than a patch panel; ... port - same result. ... (microsoft.public.exchange.admin) Re: Single Firewall Deployment ... then two interfaces would be on two separate subnet. ... the redundancy of the single point of the switch? ... If your firewall only has a single inside LAN interface then you can only ... (comp.dcom.sys.cisco) Re: Netgear WGR 614 Capabilities ... The spec sheet says it is a "true firewall" ... It is configured via a web browser interface? ... capable of doing SPI at that speed at all. ... If the device is working as a wired switch (IE, ... (comp.security.firewalls) RE: firewall setup ... Connect eth2 to the switch with your servers and eth1 to the switch going to ... firewall and still keep their names. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... (Security-Basics) Adjunto 24k ! Error conexión remota 2003 SBS ... He habilitado la conexión remota de sbs 2003 para trabajadores que acceden ... Servidor 2003 SBS con 1 tarjeta de red, IP de clase C, conectada a switch ... Internamente desde Lan funciona todo a las 1000 maravillas. ... Problemas del firewall? ... (microsoft.public.windows.server.sbs)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint