A Complete CARP / Failover setup

ezzadin

Hi,

I would like to setup a complete hardware/connection failover… I will be having two connection from two different ISPs...

do I need three pfsense server for this or 2 is enough? and how many NIC do I need to each? what would be the best way to set this up?

is there manual somewhere that I can use? I already have the manual for CARP Cluster but nothing mentioned about secondary internet connection

Thanks all

AudiAddict

http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)

2 pfsense machines is fine.

ezzadin

thanks..

but this document doesn't say anything about having two ISPs though

how that works…do I need to have two WAN per each machine? so that means 4 NIC per each

Eugene

CARP is not for two ISPs but as you fairly mentioned for hardware redundancy. For two ISPs you need LoadBalancer or BGP.

ezzadin

thanks…

ok, so what would I need to setup the loadBalancer? Do I need 1 NIC for pfsync, 1 for the switch and 2 for ISPs? so total of 4 NICs..correct?

ezzadin

does Pfsense supports BGP?

dotdash

OpenBGPd is available as a package.
As for the NICs, you should have one more on each box than you would for a stand-alone system. This would be for a dedicated sync interface between the boxes.

ezzadin

thanks

How is OpenBGPd? have you ever used it? does it work good?

and for the NIC, are you sure that need another one? 1 for syncing, 1 for switch, 2 for ISPs (two ISPs).. total 4 NICs…

Am I missing something here?

dotdash

@ezzadin:

How is OpenBGPd? have you ever used it? does it work good?

and for the NIC, are you sure that need another one? 1 for syncing, 1 for switch, 2 for ISPs (two ISPs).. total 4 NICs…

a) I haven't used it, so I can't comment on how well it works.
b) Yes, 2 WANs, LAN, and SYNC would be four interfaces in each. I generally just use a crossover cable for the SYNC.

ezzadin

do you recommend any two-ports Network adapter? something that works with pfsense

dotdash

I haven't ordered any recently, so I don't know if you can get these anymore. Generally Intel nics are supported, but there are sometimes problems with the newest chipsets. Anyway, I'm running these personally in several boxes, so I'm sure they work with pfSense.
Intel PWLA8492MT Dual 10/100/1000 PCI/PCI-X
Intel EXPI9402PTBLK Dual 10/100/1000 PCI-e
These may be the low-profile numbers, but IIRC, they came with both brackets.
If you don't need GB, check ebay for used dual-port Pro100 cards.

Supermule

Can you run Carp with only one public IP adress???

I have a minor dicussion with our IT expert, and he believes it will take 3 public IP adresses to run carp with 2 pfsense boxes….

What do you guys say about that???

dotdash

Your IT expert is right. He is the expert after all.
(OpenBSD has CARPdev, which allows you to run a cluster with one public IP, but FreeBSD does not have this functionality yet)

Supermule

Super! I need to get more beer then…. :D :D

@dotdash:

Your IT expert is right. He is the expert after all.
(OpenBSD has CARPdev, which allows you to run a cluster with one public IP, but FreeBSD does not have this functionality yet)