What is CARP
-
I've read that CARP can be used as a load balancer or as a failover if your primary WAN fails.
If you use it as a failover, do you require another pfSense firewall in your building, or can you configure it on the same piece of hardware so it just uses the other configured WAN NIC2 instead of the default WAN NIC1?
If you use it as a load balancer, what are the advantages of this?
-
We use CARP mode of pfSense in order to have an automatic failover for the pfSense system itself. So, if our (master) pfSense hardware fails, the OTHER (backup) pfSense will take over all the services. And this works very well. It needs 2-5 seconds to switch over.
All settings you make in the master GUI will be synced through one dedicated network interface called sync to the backup pfSense.
So you need two pfSense systems, and each of them should have one more network interface. You also need two more IP addresses for WAN (and of course also for LAN).
You get: much better sleep.
If you use CARP for load balancing, you can have two identical servers with your shop, and incoming requests will be distributed between these two servers.
CARP is a protocol and stands for "Common Address Redundancy Protocol".
Hope it helps.
Fred -
So I presume you need 3 WAN IP addresses from your ISP, 2 for the physical boxes (WAN) and one for the virtual WAN IP?
-
Correct!
Fred -
Thank you very much dark.fibre!
I found a really good how-to about it as well -
http://www.howtoforge.com/how-to-configure-a-pfsense-2.0-cluster-using-carp
-
You can use a single WAN IP with CARP if you expand your WAN subnet mask (nasty trick ;-) ). Tested with pfSense 2.1.4.
Example:
WAN:
IP 20.20.20.1 /30 ISP Router
20.20.20.2 /30 Your Router
Pfsense Config:
20.20.20.1 /30 ISP Router (your ISP doesn't change the router mask)
20.20.20.2 /29 CARP IP
20.20.20.3 Don't use this broadcast IP
20.20.20.4 /29 Pfsense 1 - WAN Interface (also set upstream gateway 20.20.20.1 in the WAN interface)
20.20.20.5 /29 Pfsense 2 - WAN Interface (also set upstream gateway 20.20.20.1 in the WAN interface)
Now you must add a static ARP entry for the ISP router under Service -> DHCP Server -> Bottom (because ARP requests from .4 and .5 don't work).
I have set up a manual outbound NAT rule for source: any any and NAT address: CARP interface 20.20.20.2.
If Pfsense 1 is active, Pfsense 2 has no internet connection for DNS and NTP.
Set up pfsense 2 to this DNS:
1. 192.168.5.1 (internal pfsync interface for pfsync 1)
2. 8.8.8.8
Set up pfsense 2 to this NTP:
1. 192.168.5.1 (internal pfsync interface for pfsync 1)
2. external NTP server IP
I don't use the arping tricks from other threads. I don't use gateway groups. Gateway monitoring is active, with no special "monitor IP".
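An added example, not from this thread or from pfSense, that checks the expanded-mask address plan described in the post above with Python's ipaddress module. The function name and the "findings" keys are my own; the addresses are the post's example re-entered as constructed input, and it assumes, as the post does, that the ISP keeps its router on the /30 while only the pfSense side is widened to /29.

```python
# Added example: sanity-check the "expanded WAN mask" CARP address plan.
# Assumption (from the post): ISP router stays on its /30, pfSense side uses /29.
from ipaddress import IPv4Interface


def check_expanded_mask_plan(isp_router, carp_vip, node_wan_ips):
    """Return findings for the single-WAN-IP CARP trick.

    isp_router   - ISP router address with the ISP's mask, e.g. "20.20.20.1/30"
    carp_vip     - CARP virtual IP with the widened mask, e.g. "20.20.20.2/29"
    node_wan_ips - each node's WAN interface address with the widened mask
    """
    isp = IPv4Interface(isp_router)
    vip = IPv4Interface(carp_vip)
    nodes = [IPv4Interface(n) for n in node_wan_ips]
    isp_net = isp.network    # the link as the ISP router sees it (/30)
    wide_net = vip.network   # the link as the pfSense boxes see it (/29)

    findings = {
        # The ISP router only routes to / ARPs for hosts inside its own /30,
        # so the CARP VIP must sit in that /30 or return traffic never arrives.
        "vip_reachable_from_isp": vip.ip in isp_net,
        # The widened network must still contain the ISP router, otherwise the
        # nodes cannot use 20.20.20.1 as an on-link upstream gateway.
        "gateway_on_link_for_nodes": isp.ip in wide_net,
        # Node addresses outside the ISP's /30: ARP from them does not work,
        # which is why the post adds a static ARP entry for the ISP router.
        "nodes_outside_isp_subnet": [str(n.ip) for n in nodes if n.ip not in isp_net],
        # The /30 broadcast address must never be assigned to anything.
        "isp_broadcast": str(isp_net.broadcast_address),
        "broadcast_collision": vip.ip == isp_net.broadcast_address
        or any(n.ip == isp_net.broadcast_address for n in nodes),
        # VIP and all node addresses must share the same widened subnet.
        "consistent_wide_mask": all(n.network == wide_net for n in nodes),
    }
    findings["plan_ok"] = (
        findings["vip_reachable_from_isp"]
        and findings["gateway_on_link_for_nodes"]
        and not findings["broadcast_collision"]
        and findings["consistent_wide_mask"]
    )
    return findings


if __name__ == "__main__":
    # The post's plan: ISP router .1/30, CARP VIP .2/29, nodes .4/29 and .5/29.
    plan = check_expanded_mask_plan("20.20.20.1/30", "20.20.20.2/29",
                                    ["20.20.20.4/29", "20.20.20.5/29"])
    for key, value in plan.items():
        print(f"{key}: {value}")
```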