Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP og IP Alias on additional IPs routed to us by the data center

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    3
    4
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      professor
      last edited by

      Hello.

      We are just about to go live from 1 pfsense box, to 2x Netgate 7100-1U.

      Last question i have.
      CARP on the new IP does not seem to work.
      2957c17b-7de3-4080-811b-3de007a49fcc-bilde.png
      WAN@14 is our IP, and WAN@15 is a routed IP to our router.

      Today we use IP alias.
      With HA, can i use CARP? Will it just activate this IP on both boxes?
      Like if i had set IP Alias on both pfsense boxes?

      Thanks.

      DerelictD V 2 Replies Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate @professor
        last edited by Derelict

        @professor You don't need any VIPs to use a routed subnet for certain things. It depends on what you want to do with them.

        https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-comparison.html

        You need to be sure that upstream is routing the subnet to a CARP VIP on the interface subnet, though, so the route will follow the VIP if it moves to the other host.

        If you need to use IP Aliases then set the interface to a WAN CARP VIP, not WAN itself. That way the VIP will swing with the MASTER CARP status.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        P 1 Reply Last reply Reply Quote 0
        • V
          viragomann @professor
          last edited by

          @professor
          No, keep it as IP alias, but hook it up on the WAN CARP VIP now.

          1 Reply Last reply Reply Quote 0
          • P
            professor @Derelict
            last edited by

            @derelict
            Yeah, same conclusion i had.

            @viragomann
            Yup.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post