Carp with routed wan
-
Hi,
I'm currently orchestrating the move of half of my dc estate to a new transit provider. Currently I have a pfsense 2.0.1 cluster and it has served me well. My current provider presents me an IP range directly on wan interfaces with no isses,
My new provider will only present my range on a /30 routed range. I've asked for a /29 and I'm awaiting a response. Ideally I don't want to introduce another pair of boxes before my main cluster, but I still want to do carp for redundancy.
From what I've read 2.2.4 should work in this configuration, but wanted some clarification that I can use carp VIPs with a routing range.
Any help appreciated.
Steve
-
They should have no problem making that a /29 instead, that's also a requirement with VRRP and HSRP, so datacenters are familiar with it. Just have it routed to a CARP IP.
-
Cool so just be sure assuming they give me a /29 (using fictional IP)
Master 1.1.1.2
Slave 1.1.1.3
Carp 1.1.1.1
DC gateway 1.1.1.4Route my RIPE /21 to 1.1.1.1 and all is well.
I'm assuming I'd just configure my virtual ips (from my ripe range) as carp in the vip table?
-
Another thought…. I should be able to nat with these routed ips shouldn't I?
-
Cool so just be sure assuming they give me a /29 (using fictional IP)
Master 1.1.1.2
Slave 1.1.1.3
Carp 1.1.1.1
DC gateway 1.1.1.4Route my RIPE /21 to 1.1.1.1 and all is well.
Correct.
I'm assuming I'd just configure my virtual ips (from my ripe range) as carp in the vip table?
Use type Other VIPs if you're just using for NAT. If public IPs directly assigned on an internal interface, then you want a CARP VIP on that subnet on the internal interface.