Netgate Discussion Forum

    A lot of CARP VIPs - VHID and password

    HA/CARP/VIPs
      Jeff W

      Hi,
      There are a few things that I’m unable to find in OpenBSD / pfSense documentation about CARP. Could you please help me with that?

      VHID
      I have a firewall HA pair with WAN and multiple LANs
      (multiple VLANs on the LAN interface; each VLAN is a different subnet for a different group of devices that may / may not (FW rules) communicate with each other).
      I assume that all LANs (all VLANs) may have the same VHID since they are on separate layer 2 networks. Is that correct?
      Now it’s not a problem to set up a different VHID for each, but in the future I might have, for example, 300 VLANs and I won’t have available VHID numbers.

      Password
      Is it OK to generate a 64-character-long random string for each VIP?
      I’m not sure how CARP works, and it might, for example, send the password every second, and 64 characters might be a performance issue…

      Thank you.

        Jeff W

        I tested the same VHID on different VLANs and it works, so my assumption is correct - you can have the same VHID on different L2 networks.

        But I still don't know about the password. How does the password work? Is it a good idea to use a long 64-character string, or is it better to use something shorter?

        Thank you

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.