Using HAproxy on a CARP/HA firewall cluster?

  • Will it work running HAproxy on a pfsense cluster (pfsense is CARP/HA)?
    We have a working pfsense CARP/HA installation today.

    Do I need to do anything special for HAproxy on the backup to resume the work of the primary when it fails over?

    Or is this a bad idea?

  • @pete-s
    It works.
    You can choose to monitor a carp-interface, in which case haproxy will only run on the node that is 'master'.. Otherwise it will run on both, and perform health-checks from both.
    If you have stick-tables you want to keep synced youl need to have it running on both nodes, and the sync configuration could be a bit tricky (not really supported in the webgui though with some manual advanced texts there is almost nothing thats impossible ;) ..),

    Anyhow if you are only requiring that haproxy runs with the same config on both nodes that should be easy.. Just make sure to enable the 'config sync' checkbox only on the master node.

    p.s. in any case, all active connections will 'break'.. and need to be re-established when a failover happens.. it wont transfer the tcp-connection-states