Does a CARP setup requires WAN IPs to be on the same subnet as WAN VIP?
-
@KOM:
For CARP virtual IP, yes. All other virtual IP types, no.
Not in 2.2.x
You can now have CARP VIPs in a different subnet than the WAN. -
Thanks, I didn't see that caveat.
-
Thanks, that is great news 8)
-
Why would you not just use 3 addresses from your /28? Just give back the /30 or ask that it be routed to your CARP address instead?
Or, better yet, ask them to make the /30 a /29, use that for WAN and ask them to route the /28 to that CARP address.
I guess I don't get why you'd want to do what you're asking…
-
I don't know yet what addresses they can "give" me, the /28 example is one offer I know they have ("Extra 8-IPs pack") but they can be more: So I'm taking informations about what pfSense supports and don't.
I don't know if they can route my public IP (1.2.3.102) to an other IP and I don't want to change public IP (lots of external out-of-my-hands services use it).The really simple and cheap method is to buy a very simple router, place it where my actual pfSense box is (at 1.2.3.102/30) and create a 192.168.0.0/24 network for my 2 pfSense box and the CARP virtual IP (transforming the public IP problem into a private network problem).
Only drawback: I would have a single point of failure, but it's more or less already the case considering their gateway. -
If they are calling a /28 only 8 IP addresses it sounds like they are anticipating VRRP/CARP on both sides anyway: 3+3+8 = 14.
-
Oupps… Typo their 8 IPs pack is a /29 (not a /28).
My original post used /28 as a general example.
-
Hmm. A /29 is not 8 usable IP addresses unless it's routed to you. They kind of need to get their act together.
-
Hmm. A /29 is not 8 usable IP addresses unless it's routed to you. They kind of need to get their act together.
It is indeed a routing: I got 8 different public IPs and it all goes to the 1.2.3.102/30.
-
Hmm. A /29 is not 8 usable IP addresses unless it's routed to you. They kind of need to get their act together.
Nope they don't. A pity but quite a few ISPs or Hosting Providers will give you 8 IPs but not route them in a clean way. Either some hack'n'slash P2P Host Routing is done or you get 8 single IPs from different segments. No one said those 8 addresses are from the same block. I know quite a few german (big) hosting companies working that way and it is annoying as hell from a networking perspective. So I won't get my hopes up until I read someone cleanly stating that it actually is a /29 IP block.
