IPv6 /64 subnets for servers with HA
What I want:
I am setting up a Netgate XG-7100 HA Cluster for a small data center. We want to offer our clients Servers and VPS with a whole IPv6 /64 subnet for each server. I checked out how Hetzner is doing it and tried to implement their setup using pfsense.
Hetzner gives you a whole IPv6 /64 subnet for your server and the default gateway is always fe80::1.
What I tried:
I configured one DMZ interface with a /52 subnet, so within that range I can have 4096 /64 subnets for up to 4096 clients, e.g. DMZ1 with static IPv6 2001:db8:dc01:3000::1/52, and on the HA backup node I configured the same interface with IP 2001:db8:dc01:3000::2/52.
After that I configured a CARP VIP for that interface: fe80::1/64.
When I start servers on that network, I can configure them like:
Server 1 IP: 2001:db8:dc01:3001::/64 (any bunch of IPs within that /64 block)
GW: fe80::1
Server 2 IP: 2001:db8:dc01:3002::/64 (any IPs within that range...)
GW: fe80::1
... and so on ...
With this setup everything works fine except HA. In case of powering off or rebooting the master node, the second node won't bring up the fe80::1/64 VIP.
The CARP status is initially reported fine on both nodes (Node 1: everything Master, Node 2: everything Backup), but after some time all link-local VIPs change into INIT status on the second node.
Questions
Is this Hetzner style configuration possible with pfsense and with HA? If yes, how can it be achieved?
Are there any other best practices that could solve my problem?
Can I configure the link-local addresses of the pfSense interfaces?
Can link-local addresses somehow be used as CARP VIPs?
Thanks for your help!
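A small planning and validation script for the addressing scheme described in the post above, added here as an example; it is not part of the original post and not pfSense or Hetzner code. It carves the /52 DMZ prefix from the post into per-client /64 blocks, maps any DMZ address back to the block it belongs to (useful when tracing a source address to a client), and checks a server's configuration the way the post describes it: addresses must come from the assigned /64 and the gateway must be link-local (fe80::1). The prefix and gateway are the post's values; the block indices, server addresses and function names are assumptions made for the example. It runs stand-alone on Python 3.7 or newer.

```python
import ipaddress

# Values taken from the post above; everything else in this file is constructed.
DMZ_PREFIX = ipaddress.IPv6Network("2001:db8:dc01:3000::/52")
LINK_LOCAL_GW = ipaddress.IPv6Address("fe80::1")
CLIENT_PREFIXLEN = 64


def block_count(dmz=DMZ_PREFIX, prefixlen=CLIENT_PREFIXLEN):
    """Number of /64 blocks that fit in the DMZ prefix (4096 for a /52)."""
    return 2 ** (prefixlen - dmz.prefixlen)


def allocate(index, dmz=DMZ_PREFIX, prefixlen=CLIENT_PREFIXLEN):
    """Return the index-th /64 inside the DMZ prefix.

    Index 0 is the block that also holds the firewall's own interface
    addresses (...3000::1 and ...3000::2 in the post), so client blocks
    are handed out starting at 1 (index 1 -> ...3001::/64, as in the post).
    """
    if not 0 <= index < block_count(dmz, prefixlen):
        raise ValueError(f"index {index} does not fit in {dmz}")
    base = int(dmz.network_address) + (index << (128 - prefixlen))
    return ipaddress.IPv6Network((base, prefixlen))


def block_index(address, dmz=DMZ_PREFIX, prefixlen=CLIENT_PREFIXLEN):
    """Map any address inside the DMZ back to the index of the /64 it lives in,
    e.g. to find out which client a source address seen in a log belongs to."""
    addr = ipaddress.IPv6Address(address)
    if addr not in dmz:
        raise ValueError(f"{addr} is not inside {dmz}")
    return (int(addr) - int(dmz.network_address)) >> (128 - prefixlen)


def validate_server(addresses, block, gateway=LINK_LOCAL_GW, dmz=DMZ_PREFIX):
    """Check a server's configuration against its assigned block.

    Returns a list of problems; an empty list means the config matches the
    scheme in the post (any addresses from its own /64, gateway fe80::1).
    """
    problems = []
    if not block.subnet_of(dmz):
        problems.append(f"{block} is not carved out of {dmz}")
    for a in addresses:
        addr = ipaddress.IPv6Address(a)
        if addr not in block:
            problems.append(f"{addr} is outside the assigned block {block}")
    gw = ipaddress.IPv6Address(gateway)
    if not gw.is_link_local:
        # The scheme relies on one link-local gateway shared by every block.
        problems.append(f"gateway {gw} is not link-local")
    return problems


if __name__ == "__main__":
    # Constructed demo: the two servers from the post plus one misconfigured one.
    for i in (1, 2):
        print(f"Server {i}: {allocate(i)}  GW: {LINK_LOCAL_GW}")
    print(validate_server(["2001:db8:dc01:3001::10"], allocate(1)))
    print(validate_server(["2001:db8:dc01:3002::10"], allocate(1),
                          "2001:db8:dc01:3000::1"))
```

The second `validate_server` call reports two problems: the address belongs to block 2 rather than block 1, and the gateway is a global address on the firewall rather than the shared link-local fe80::1.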