HA LAN interface into Layer 3 switch - InterVLAN Routing
Hi,
I am integrating my HA pair of XG-1537s into an existing LAN with several firewalls and PTP routers. I have decided to come in to a Layer 3 switch and set a routed port to the pfSense LAN network.
Is a /29 required for HA or can I have a /24 for the transit network?
- I have defined the VIP LAN IP as .254 on pfSense with a /24 netmask
- Defined primary pfSense as .252
- Defined secondary pfSense as .253
- Defined a port on the Layer 3 switch where the primary pfSense connects, no switchport routed interface with a .1 /24
- What should I define as the IP address on the Layer 3 switch that the secondary pfSense appliance is connected to? .2 /24?
My visual is that if the primary HA member goes down the secondary will switch to the active VIP .254 but the routed port on the secondary switch on the other side of the building will be bound to a different IP than the switch that the primary is connected to.
Static route for the pfSense LAN .254 defined on each layer 3 switch?
Eventually I would like to introduce OSPF into the network using FRR; right now the aim is to tap in and only perform firewall and VPN termination. We have about 10 VLANs on the internal LAN, which are mainly being handled by the Layer 3 core switches and the existing firewalls and routers.
A very delicate dance.
Thanks!