Want a redundant LAN connection, what's the best way to do it



  • I am setting up a network. I have 2 pfSense appliances, 4 NICs in each, 2 of them assigned to WAN (for failover and load balancing), 1 interface will be for CARP and the last for LAN. I have 2 switches for redundancy. 2 internet lines for redundancy. Each of the internet lines goes into each switch (VLAN on each switch). Out of that VLAN on each switch come 2 cables going to one of the WAN ports on each of the pfSenses. The other switch mirrors this with internet connection 2. LAN on each pfSense goes to each switch. I think I have all my bases covered here; redundancy in internet link and pfSense hardware failure. But what about if the switch dies that connects to the primary pfSense… I will lose internet, right? Because CARP won't kick in, because the CARP link is hooked directly up pfSense to pfSense and both are still technically physically up. Would I correct this by creating another VLAN on the switches and connecting the CARP links through both switches? This way if switch one dies the CARP link is broken and pfSense2 kicks in. Is this the right way to do this? Any foreseeable problems?

    Sorry for the rant :) Bad day, was in the datacenter today and forgot to bring a sweatshirt, had short sleeves on ;)


  • Rebel Alliance Developer Netgate

    An ISP failure shouldn't trigger a CARP failure.

    If you have both WANs plugged into both pfSense boxes, the normal multi-WAN setup will handle the WAN failure by … just using the second WAN.

    No need to fail a whole box because one WAN failed.

    And if you only have one WAN plugged into each pfSense box (ISP 1 on box 1, and ISP 2 on box 2) that won't (and can't) work for proper failover.



  • Forget about the WAN side, I may be confusing things by bringing that up. I have it set up like here -> http://forum.pfsense.org/index.php/topic,25138.msg130304.html#msg130304

    I have 2 pfSenses and 2 switches, the LAN on pf1 goes into sw1, and the LAN on pf2 goes into sw2.
    The CARP interfaces on pf1 and pf2 are connected with a crossover cable.

    All servers have 2 NICs that are load balanced, nic1 goes to sw1 and nic2 goes to sw2.

    My problem is if sw1 dies I cannot get out to the internet.

    What is the best way to make the switches fully redundant? They are totally redundant except on the pfSense LAN side.

    My thought to remedy this is the following:

    Create a VLAN on sw1 with ports 1 and 2
    Create a VLAN on sw2 with ports 1 and 2
    Connect the CARP interface on pf1 to sw1/port1
    Connect the CARP interface on pf2 to sw2/port1
    Connect sw1/port2 to sw2/port2

    My logic here is that if switch 1 dies the CARP link will be broken and pf2 will not be able to send a heartbeat to pf1 and will assume the master role. Since I have all the servers using 2 NICs load balanced going to each switch, all traffic will go through.

    Does this make more sense of my dilemma?

    Thanks
    Jon


  • Rebel Alliance Developer Netgate

    @jhabers:

    My problem is if sw1 dies I cannot get out to the internet.

    That shouldn't be the case. If sw1 dies, it only takes out ISP1. ISP2 should still work. If you set up outbound load balancing/failover properly, you can lose ISP1 and still maintain connectivity for clients.

    Though if sw1 dies, it should also cause failover to the secondary box.



  • @jimp:

    @jhabers:

    My problem is if sw1 dies I cannot get out to the internet.

    That shouldn't be the case. If sw1 dies, it only takes out ISP1. ISP2 should still work. If you set up outbound load balancing/failover properly, you can lose ISP1 and still maintain connectivity for clients.

    Though if sw1 dies, it should also cause failover to the secondary box.

    Yes, it will fail over to ISP2, but… anyone on the LAN won't be able to get out, because they will not be able to get to pf1, because the LAN side of pf1 is plugged into sw1.


  • Rebel Alliance Developer Netgate

    But if sw1 has failed, failover to pf2 should have already happened.

    The way CARP works is that a "heartbeat" is sent on the wire for each CARP VIP, on the interface where those CARP VIPs reside.

    If the backup stops seeing the advertisement from the master, it takes over.

    I think you might still be confusing pfsync (for state sync) and XMLRPC sync (for config sync) on the sync interface with how CARP really works. The failover mechanism doesn't have anything to do with the sync interface itself.
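    As an added illustration of the point Jim makes (this is example code written for this edit, not pfSense code and not anything posted in the thread), below is a small Python model of the topology described above: pf1's LAN on sw1, pf2's LAN on sw2, a trunk between the switches, and a crossover sync cable. The model assumes a simplified CARP election (master advertises every advbase + advskew/256 seconds on the interface carrying the VIP, a backup takes over after about three of its own intervals without an advertisement, an interface whose switch is down drops to INIT) and that the sync cable carries no heartbeat. Component names, skew values and timings are constructed for the example.

```python
"""Simplified model of CARP failover in the two-pfSense / two-switch setup.

Added example, not code from pfSense or from the forum thread. Assumed
model (simplified from real CARP): the master advertises on the interface
carrying the VIP every advbase + advskew/256 seconds; a backup promotes
itself after ~3 of its own intervals without an advertisement; a port on a
dead switch leaves the election (INIT). The pfsync/XMLRPC sync cable is
not on the heartbeat path at all.
"""
from dataclasses import dataclass
from typing import Optional

DT = 0.5  # simulation step, seconds


@dataclass
class Component:
    name: str
    up: bool = True


@dataclass
class CarpNode:
    name: str
    port_switch: Component      # switch the LAN (VIP) interface is plugged into
    advskew: int = 0
    advbase: int = 1
    role: str = "BACKUP"
    last_adv_seen: float = 0.0
    last_adv_sent: float = float("-inf")
    promoted_at: Optional[float] = None

    @property
    def adv_interval(self) -> float:
        # master advertisement period
        return self.advbase + self.advskew / 256

    @property
    def dead_time(self) -> float:
        # backup gives up on the master after ~3 missed intervals (simplified)
        return 3 * self.adv_interval


def build_topology():
    # Constructed topology from the thread: pf1 LAN -> sw1, pf2 LAN -> sw2,
    # an inter-switch trunk, and a crossover sync cable pf1 <-> pf2.
    parts = {n: Component(n) for n in ("sw1", "sw2", "trunk", "sync_cable")}
    pf1 = CarpNode("pf1", parts["sw1"], advskew=0, role="MASTER")
    pf2 = CarpNode("pf2", parts["sw2"], advskew=100)
    return parts, pf1, pf2


def heartbeat_path_up(src: CarpNode, dst: CarpNode, parts) -> bool:
    # Advertisements travel LAN port -> switch -> trunk -> switch -> LAN port.
    # The sync cable is deliberately absent from this path.
    return src.port_switch.up and parts["trunk"].up and dst.port_switch.up


def step(now: float, a: CarpNode, b: CarpNode, parts) -> None:
    for node, peer in ((a, b), (b, a)):
        if not node.port_switch.up:
            node.role = "INIT"          # link down: out of the election
            continue
        if node.role == "INIT":
            node.role = "BACKUP"        # link restored: rejoin as backup
            node.last_adv_seen = now
        if node.role == "MASTER":
            if now - node.last_adv_sent >= node.adv_interval:
                node.last_adv_sent = now
                if heartbeat_path_up(node, peer, parts):
                    peer.last_adv_seen = now
                    # a master that hears a better (lower skew) master steps down
                    if peer.role == "MASTER" and node.advskew < peer.advskew:
                        peer.role = "BACKUP"
        elif now - node.last_adv_seen > node.dead_time:
            node.role = "MASTER"        # master silent too long: take over
            node.promoted_at = now


def simulate(fail, fail_at: float = 5.0,
             recover_at: float = float("inf"), duration: float = 20.0):
    """Take the named components down during [fail_at, recover_at) and
    return (pf1 role, pf2 role, time at which pf2 promoted itself or None)."""
    parts, pf1, pf2 = build_topology()
    for i in range(int(duration / DT)):
        now = i * DT
        for name in fail:
            parts[name].up = not (fail_at <= now < recover_at)
        step(now, pf1, pf2, parts)
    return pf1.role, pf2.role, pf2.promoted_at


if __name__ == "__main__":
    for scenario in (set(), {"sync_cable"}, {"sw1"}, {"trunk"}):
        print(sorted(scenario) or "no failure", simulate(scenario))
    print("trunk down, then repaired", simulate({"trunk"}, recover_at=12.0))
```

    Cutting the sync cable leaves pf1 master and pf2 backup, because no heartbeat ever crossed it; killing sw1 drops pf1 to INIT and pf2 promotes itself once its dead time expires. The trunk scenario is the caveat to watch for with a LAN split across two switches: with both switches up but the inter-switch link gone, pf2 also promotes itself and you get two masters until the link returns and pf1's lower-skew advertisement demotes pf2.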



  • @jimp:

    But if sw1 has failed, failover to pf2 should have already happened.

    The way CARP works is that a "heartbeat" is sent on the wire for each CARP VIP, on the interface where those CARP VIPs reside.

    If the backup stops seeing the advertisement from the master, it takes over.

    I think you might still be confusing pfsync (for state sync) and XMLRPC sync (for config sync) on the sync interface with how CARP really works. The failover mechanism doesn't have anything to do with the sync interface itself.

    Perfectly stated Jim, yes I was confusing that the sync interface did the heartbeats as well, thank you very much

    Jonathan


  • Rebel Alliance Developer Netgate

    Since your CPE is already a SPOF, you might consider adding a cheap unmanaged switch behind each CPE, then you could have each CPE plugged into each switch directly, instead of having them plugged into only sw1 or sw2. That way if sw1 dies, you still have both ISP1 and ISP2 active.

    If a cheap unmanaged switch dies, you only lose either ISP1 or ISP2. Much more desirable scenario than losing both a managed switch and access to one ISP in the process.

