HA AND VLANS



  • Hello

    When Creating a VLAN to PRIME shouldn't be synced to the BACKUP ?

    EDIT
    Should I create a VIP for a VLANS



  • I personally choose NOT to sync Virtual IPs, and create the config on each device as it allows better control of VIP's ADV Frequency and Skew values.

    Yes, each VLAN should have its own VIP, assuming that will be the default gateway for the devices on that VLAN.
    Also, you must use a different VHID for each VLAN.


  • Netgate

    No. Things like interface configurations are not synced. You need to add them to primary and secondary in the same order.

    1. Create the VLAN on the primary
    2. Create the VLAN on the secondary
    3. Assign, number, and enable the interface on the primary
    4. Assign, number, and enable the interface on the secondary (note this cannot be synced because primary and secondary get different interface addresses)
    5. Create CARP VIP on primary - this is synced to secondary.
    6. DHCP, Firewall rules, etc. All synced.


  • @derelict Ok that's perfect
    and then OUTBOUND NAT set to a WAN VIP right.

    also I have 2 public getaways with 5 IP addresses each can I set different getaways on primary and then the other for the primary or HA is not design for that?


  • Netgate

    Outbound NAT needs to be set to a WAN CARP VIP (Or IP Alias riding a CARP VIP) so when an HA failover happens, the VIP swings and the states on the other node match.

    HA can do Multi-WAN. Just do the above for both WANs.



  • @derelict It is amazing now I can finally shut down my DELL R210 II and upgrade the memory and remove that 12 TB HDD from there without down time, witch I was planing to do from a very long time

    Thank you