Is it possible with Pfsense?

stephenw10

When you run two boxes as a carp pair only one box is active at a time, the other is backup. Thus if you want to use all 10 WAN connections they all have to connect to both boxes.
If you are running these virtualised there is very little point in having them on the same host machine. You would still have the single point of failure.
I'm not familiar with SLES but since you have two nodes I am guessing that's at least two real machines.

What speed are each of these connections?

Steve

dgrunblatt

I see.. so CARP is not for me.. each DSL connection is 5mbps.

What do you recommend for a complete failover solution? (if a wan or server is down, the service is still up but degraded)
Transparent proxy is also desirable if possible.

Regards,
Daniel

stephenw10

If you want a failover solution for server failure then CARP is for you.  :)
http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_%28CARP%29
It's just more complex because you have a number of WAN connections and you're running virtualised.

To be honest this is beyond my experience.

Transparent proxy and loadbalancing/failover between 10 5Mbps connections should be no problem on any recent hardware.

Steve

dhatz

You might also want to check the high-availability options of your virtualization platform, instead of using CARP between VMs (which also has its place in a setup where downtimes needs to be minimal)

dgrunblatt

I read the docs once again.. checked on the forum… and I'm still not convinced that CARP is the solution for me.. I don't need a stand-by server. I just need n servers connected to 10 WANs with load balancing. So, I believe installing 2 servers with 5 WAN each with load balancing is more than enough for me.

Daniel

stephenw10

If you have, say, 500 users connected to each pfSense instance then if one of those goes down you will have 500 unhappy users. How are you planning to failover those users?
You can mitigate this by using the HA features of your virtualisation server to make sure they never go down as Dhatz suggests.

Steve

dgrunblatt

good point.. what if…

4 virtual servers all with load balance (1 transparent proxy for all the users) with 5 wan on the "active" servers. CARP with the other 2 virtual servers in case something happens.

what do you think about that?

stephenw10

I think… why do you want to have two active servers with 5 WANs on each as opposed to one with all 10?
It will be far easier to setup a transparent Squid proxy if all the traffic goes through one machine.

Steve

dgrunblatt

that's even better!

1 active server with 10 WANs and 1 passive server with CARP.

Excellent!!
Thanks!!
Daniel

stephenw10

Like I said this is beyond my experience so don't thank me yet!  ;)

Perhaps wait for other comments. That's what I'd try though.

Steve