IPv6 + HA + CARP Concerns

  • Hello all -

    Recently set up pfSense to migrate from my old ASA. Since I want this in an HA config separate and apart from my SAN, I built a pair of individual VMs on two of my cluster hypervisors individually. I'd prefer not to include it in the failover cluster itself but think that I might have to because pfSense doesn't seem to be happy in my environment.

    In a standalone config I have everything working the way I want it to - that is to say full IPv4 parity to my ASA and proper utilization of my static IPv6 block from Comcast.

    I'm concerned, however, that IPv6 using PD from Comcast (as their gateway device doesn't support static IPv6 routing - ugh) is not working properly with HA failover. That is to say that when I tested failing to the backup, IPv6 did not work, and when I brought the master back online, the backup remained primary for IPv4 but the master was primary for IPv6, resulting in some heartburn trying to figure out what was going on.

    (This leads into a further discussion about HA sync and how it seems a bit hokey as far as configuration management between master/backup.)

    Am I expecting too much from pfSense for it to manage this kind of IPv6 config in an HA fashion?


