Am I on the right track? Two pfSense boxes sharing the load.



  • Hello,

    My current setup

    Firewall:
    1 Atom D510 Intel motherboard with two Realtek NICs.
    1 dual port Intel Pro 1000 card
    4 gig Ram
    pfSense 1.2.3
    A few packages including Squid, Snort, and HAVP (side question, are any of these making my life better?)

    Server
    Dell 1950
    Dual Port Intel Pro 1000
    VMware ESXi with a mix of Windows and Linux Virtual Machines

    Location
    A data center
    Bandwidth is as good as it gets
    I can get as many IPs as I need / no charge!

    My main concerns
    Eliminate as many single points of failure as I can afford to
    Create a second Firewall exactly like the one above
    Use them to Load Balance EACH OTHER and achieve redundant utopia

    What I mean by load balance EACH OTHER is that they should share the work load. My server is primarily used as a database server with minor web usage. I care about my customers being able to reach their data. I understand failover and all that, but because of the limited abilities of my Atom processors I want two boxes or more to function as one and to share the load and enhance throughput.

    I would use one Intel Pro Port for the WAN and one for the LAN. I would use the two onboard Realteks for the extra NICs that pfSense requires. I would then cable each LAN to a separate switch and then run a cable from each switch into the back of the 1950. I also have a few other servers that are not mission critical that will eventually participate.

    Truthfully, this is probably overkill but it will look good in the brochure.

    Am I on the right track? Any ideas or links? I have the book and am trying to comprehend its wisdom but I can't seem to confirm that two or more units can be set up to load balance each other.

