CARP WAN 3 IPs - DHCP assigned
-
Till recently I had 1 WAN IP dynamically assigned through ISP DHCP but mostly static through the years unless I change the NIC. A recent upgrade has got me a router modem (now in bridge mode) which has 4 LAN ports. I plugged in a laptop to the second port and found it assigned a new routable/public IP in the same subnet. This led me to do more research on CARP as I had been looking for a backup system to keep my super busy home network running without any downtime.
After reading through a lot guides and posts, I understand that I need 3 WAN IPs for CARP. Getting the 2 pfSense systems a public IP won't be an issue as keeping the WAN interfaces on DHCP mode will pull the IP address from the ISP DHCP. But how do I get a static WAN IP or even get an ISP DHCP assigned routable/public on the third WAN interface? If I am not mistaken, the third WAN interface is a Virtual Interface configured on primary which propagates to the secondary with replication.
Also, initially the modem was acting as the main router and was handing an internal non routable 192.168.x.x address to pfSense. I changed that to bridge mode-non routing and that bought things back to normal and I saw the very same IP as I had before the upgrade.. makes sense as I had the same NIC assinged for WAN. I think it has another option of bridge mode-routing. Will that help in my case? If yes, how would I get the third WAN IP assigned to the virtual interface?
-
CARP isn't really a third interface, it's a Virtual IP Address or VIP. Both nodes know about the VIP. The Backup doesn't respond on the CARP MAC address or IP address until it detects a master failure.
I don't think you can use a DHCP-assigned address for CARP. Best thing would be a /29 static WAN network from your ISP.
-
Urgh.. Dont think they provide static IPs.. well not for my internet package at least.
How does the VIP communicate? Let's say I got an IP from my ISP how would it get assigned to the CARP? It has to go through a physical interface to get assigned to an interface on the router.. right?
Is there a way I could pull an IP based on the VIP mac address and then assign it manually. In my experience, ISP IP addresses are tied to the mac address and stays the same for a long time.
-
You assign a VIP to a physical NIC. A typical CARP setup has the two nodes with IP addresses on the same network, say .2 and .3. Then on the primary you assign a CARP VIP (say .1) to the same physical interface. Whichever node is actively servicing that VIP is the current Master.
I think you are in for a long, hard journey trying to get CARP working on DHCP interfaces.
-
When you say same physical on primary, does it have to be that very physical WAN nic port? Can I use another physical (not VLAN) OPT/port (which has it's own MAC) to get an ISP DHCP IP and then use that MAC on the VIP assigning the DHCP assigned address as static? That way the ISP DHCP will think its the same physical NIC and keep servicing it with the dynamic IP for a long time.
-
The same interface, yes. That's how it's usually done. I wouldn't waste a second trying to do what you're thinking of. I doubt it can be done. Hopefully cmb chimes in shortly.
-
What if I add simple non-NAT router with DHCP between the ISP modem and pfSense? I know it adds a single point of failure after the modem but it can just hand 3 IPs which are non routable but still keep a single public IP on its WAN interface.
Is this doable?
-
@Asterix We you ever able to get CARP working with DHCP assigned addresses? I'm in exactly the same situation.
-
I'm now wondering the same thing...
Did anyone get this to work?
-
Yes. consumer router between ISP modem and both pfsense. set the carp WAN IP as DMZ so you don't run into double nat scenario, and if you wish set the consumer router to hand out the same IP each time to each pfsense box. works like a charm. Yes, single point of failure in the consumer router, but with no rules or anything on it it's easy to swap out if you have a failure. perfect for home use or work.