Netgate Discussion Forum

    Feedback request on redundant design - SG-4860 cluster & Brocade ICX 6450 stack

      nicholfd

      This installation is for colocation at a data center for a medium size company (500M USD sales per year) that has no existing WAN or central data center.  The project that is pushing this is a PDM/PLM implementation for 6 x sites.  Redundancy is desired for the data center.  Future projects are expected to use the same infrastructure being installed now.  Internet connectivity is 2 x 1 Gb handoff, paying for 100Mb, burstable at additional cost.  They are providing a /29 IPv4 range and a /56 IPv6 range.  The initial configuration will just be IPv4, but IPv6 needs to be kept in mind.  Initially there will be 3 x servers installed:

      • DB server

      • App/Web server

      • Backup server

      • Tape library connected to Backup server via SAS

      All of the above equipment has management ports.  The Brocade ICX 6450 switches have an out of band Gb Ethernet management port.  The ICX 6450 switches are a true stack, connected via 2 x 10Gb SFP+ cables.

      The 3 x servers have 4 x NICs each.  The idea is to have all 4 x NICs teamed at the Windows OS level, with 2 x NICs connected to each ICX 6450 switch in the stack.

      The pfSense boxes were purchased as the HA bundle including 2 x rack mount SG-4860s.  CARP will be used for all redundant connections.  All shared CARP addresses are ".1" addresses.

      From the design, I'm expecting redundancy at the SG-4860 level - either SG-4860 should be able to be dead/updated/power cycled and no loss of service.  I expect the same type of redundancy at the switch level - either switch in the stack should be able to be dead/updated/power cycled and no loss of service.

      I have reviewed the pfSense HA guide and gone through the pfSense implementation in VMs.  My biggest question/concern is with the LAGG group from the pfSense boxes to the Brocade ICX 6450 - is this the correct way to achieve the above goals?  I've dealt with this type of redundant configuration with all Cisco equipment, but had no visibility into the FW side (host provided ASAs).

      I'm looking for feedback and comments in general.  I would especially like thoughts/comments regarding the LAGG group, redundancy & personal experience.

      Thanks in advance,
      Frank
      ![USNDC Network Diagram.png](/public/imported_attachments/1/USNDC Network Diagram.png)
