Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense CARP and Switch Redundancy

    HA/CARP/VIPs
    2
    3
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sepp_huber
      last edited by

      Hi,

      we have a CARP setup with our own built "cheap" hardware with 4 network interfaces on each box for WAN,LAN,DMZ,GUESTWLAN.
      For our uplink we have one switch, which connects the WAN link of the two pfSense nodes and the two lines of the provider.
      The fiber uplink line is major and the other sdsl line is backup (one gateway VRRP-IP from the provider).
      The only single point of failure is the uplink switch which brings it all together.

      So my question is:
      What are the solutions with pfSense to get rid of this single point of failure?
      Two network cards for the uplink with bonding with LAGGS and two switches?
      Are there any other solutions without two network cards for the problem?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        LAGG/LACP and multiple switches is the standard way to address that level of redundancy.

        You could lagg ALL your ports together (or make two groups of two: one pair internal, one pair external) and use VLANs to segment internal traffic, or any similar combination.

        You could also have one switch on the primary, one switch on the secondary, and then something linking those switches together upstream, but it's not as robust as LAGG/LACP.

        Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • S
          sepp_huber
          last edited by

          Thanks for your reply, the "VLAN" thing would be one alternative without an additional network cardā€¦ but at the moment we do not have any VLANS and no switches which support VLANS.
          Meanwhile I have contacted our provider: the only possibility with our line solution are two network interfaces and two switches for WAN access.
          Every provider line(Router) is connected to a MASTER and a BACKUP switch. The switches are connected together.
          Because we also use cheap switches the solution for us is to use the LAGGS in pfsense (we already have them configured because of CARP and pfsync).Ā  So we will use a second network interface in the LAGG in failover mode for WAN access and both pfsense nodes are connected to both switches.
          The only problem is to get some old supported PCI dual network cards... because the hardware is ancientĀ  ;D
          I found this old compatibility list https://forum.pfsense.org/index.php?topic=25.msg58#msg58Ā  ....

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.