Thank you for pointing me to the FAQ. It states, "...but we cannot use a physical interface as the link might be down, in which case the address would not be reachable." When I used bridges, this was never an issue; I just assigned an IP address to one of the NICs. This was also long before the availability of vether(4). And also, the individual segments were never expected to be down.
My pair of Alix 2d13s are configured without bridge(4), though I do have a bridge -- for WiFi.
- The vr0 NICs are connected to a switch which is connected to a DOCSIS3 cable modem. The ISP requires a DHCP lease, which prevents the use of carp(4) on this network. The master firewall maintains the lease, and the master/slave switchover is via ifstated(8), which is driven by changes in state of carp(4) on vr1, and switches MAC addresses and reestablishes the lease on failure of the master.
- The vr1 NICs are connected to a second switch, and use carp(4) for redundancy. This is the home network, and there is a WiFi bridge attached to this switch.
- The vr2 NICs are directly interconnected, and are used for pfsync(4) and dhcpd(8) sync.
From left to right: switch, cable modem, Alixes, switch, WiFi Bridge. This image is being served to you from one of the two Alixes.
