Pfsense multi wan & lan with carp failover



  • Hello.

    I'm thinking of setting up a small hotel network behind a pfSense box and was wondering if the following is possible to achieve.

    2x WAN:

    One would be the primary connection and the other one is a backup radiolink.

    If the primary ISP fails it would have to let only the most important traffic through the radiolink.

    2x LAN:

    One LAN for guests and the other for the internal network.

    Possibly later we would like to separate the Sonos (audio) and PlayStation (video) networks from the guest LAN as well, but that's not a priority.

    I know that dual WAN is possible; the question is whether it's possible with dual or more LANs as well?

    Would it be possible to create rules depending on the WAN connection availability?

    Is it possible to put all that into CARP failover mode as well to be extra safe?

    Would greatly appreciate some insight on that.
    Cheers



  • possible

    Yes you can have multiple LANs with multiple WANs.

    Yes you can make rules that route depending on which WAN is up.
    Look at the balancing/failover functionality.

    CARP failover is for hardware fails (hardware redundancy).
    Not for WAN failover.
    But yes you can have redundant hardware for multiWAN.



  • Yes, I understand what CARP is for; just my poor communication, I guess.

    Thank you for the positive answer.

    One more: to connect the two redundant pfSense boxes to all the LANs and WANs, I use switches, right?

    English is not my first language.



  • Yes.

    But make sure you have enough addresses.
    Example:
    For a cluster with 6 nodes you need 7 IPs.
    -> One shared address and an address per node.



  • Thank you again.

    Can't really understand what you mean by nodes and cluster?



  • @http://en.wikipedia.org/wiki/Common_Address_Redundancy_Protocol:

    A group of hosts using CARP is called a "group of redundancy". The group of redundancy allocates itself an IP address which is shared or divided among the members of the group. Within this group, a host is designated as "Master". The other members are called "slaves". The main host is that which "takes" the IP address. It answers any traffic or ARP request brought to the attention of this address. Each host can belong to several groups of redundancy. It should be noted that each host must have a second unique IP address.

    A common use of CARP is the creation of a group of redundant firewalls. The virtual IP address allotted to the group of redundancy is indicated as the address of the default router on the computers behind this group of firewalls. If the main firewall breaks down or is disconnected from the network, the virtual IP address will be taken by one of the firewall slaves and the service availability will not be interrupted.

    group = cluster
    member of group = node
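
Added example (not part of the thread and not pfSense code): a small Python check of the "one shared address and an address per node" rule against the hotel layout discussed above. The interface names, subnets and gateway addresses are constructed sample values, and `carp_plan` is a hypothetical helper.

```python
import ipaddress
from itertools import islice

# Constructed sample: the hotel layout from the thread (2 WANs, 2 LANs),
# using documentation/private ranges. The second element lists addresses
# already taken in that subnet (e.g. the ISP gateway).
HOTEL = {
    "WAN1_PRIMARY": ("198.51.100.0/29", ["198.51.100.1"]),
    "WAN2_RADIO": ("203.0.113.0/30", ["203.0.113.1"]),
    "LAN_INTERNAL": ("192.168.10.0/24", []),
    "LAN_GUEST": ("192.168.20.0/24", []),
}


def carp_plan(interfaces, nodes=2):
    """Reserve one shared CARP address plus one address per node in every
    subnet. Returns {interface: {"vip": ..., "nodes": [...]}}, or None for
    an interface whose subnet cannot hold nodes + 1 addresses."""
    plan = {}
    for name, (cidr, taken) in interfaces.items():
        net = ipaddress.ip_network(cidr)
        used = {ipaddress.ip_address(a) for a in taken}
        # hosts() skips the network and broadcast addresses
        free = (h for h in net.hosts() if h not in used)
        picked = [str(a) for a in islice(free, nodes + 1)]
        if len(picked) < nodes + 1:
            plan[name] = None  # subnet too small for this cluster size
        else:
            plan[name] = {"vip": picked[0], "nodes": picked[1:]}
    return plan


if __name__ == "__main__":
    for iface, entry in carp_plan(HOTEL).items():
        if entry is None:
            print(f"{iface}: not enough addresses for CARP")
        else:
            print(f"{iface}: shared {entry['vip']}, nodes {entry['nodes']}")
```

In this sample the /30 on the radio link fails the check: with the gateway taking one of its two usable addresses, there is no room for a shared address plus two node addresses.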

