Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Vip options in 2.0 Beta-4

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    9 Posts 4 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elvisnld
      last edited by

      Guys,

      Regarding the pfsense book, and this http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F

      In 2.0 i however see:

      CARP
      PARP
      Other
      Alias    –-> new

      Is this the same as when i do an ifconfig add inet xxxxxx bge0 for example?

      We currently have:

      • 24x ip-aliases
      • NAT 1:1 those 24 ip's
      • Firewall rules through nested aliases: ip-groups + ports groups

      Works like a charm!  ;)

      When we deploy HAproxy shortly, will this work or do i have to revert to CARP?
      (which is supposed to be the only type of vip that the FW itself can use, and since HA works on the FW itself ..)

      Do aliases work more or less the same or is this bad practice?

      Changing from alias IP to PARP is easy, CARP seems a bit more work but not undo-able.

      Any advice is welcome.

      Regards,

      Mario.

      No!, i will not fix your computer ..

      1 Reply Last reply Reply Quote 0
      • E
        Efonnes
        last edited by

        @elvisnld:

        In 2.0 i however see:

        CARP
        PARP
        Other
        Alias    –-> new

        Is this the same as when i do an ifconfig add inet xxxxxx bge0 for example?

        Yeah, that's basically what it is.

        1 Reply Last reply Reply Quote 0
        • E
          elvisnld
          last edited by

          Thanks for the reply!

          I guess then we have to move to carp's then.

          If only there was a Pfsense 2.0 errata for that nice book i bought last year (pfsense the … guide)  ;)

          closed

          No!, i will not fix your computer ..

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            If you want failover with haproxy, you have to use CARP VIPs, IP aliases can only reside on one system. If you have only one system, either IP aliases or CARP IPs are fine.

            1 Reply Last reply Reply Quote 0
            • E
              elvisnld
              last edited by

              Cmb,

              Thank you very much for the speedy reply!

              By one system, you mean one pfsense firewall?.
              I know i can't make it a redundant pfsense ' cluster' this way, we stepped away from that approach because of difficulties with VRRP on the wan from the isp,  not pfsense's fault as we know, thank you Cisco and IETF  ::)

              We have

              ISP–88.x.x.x.x.-->Pfsense ---> cloud 10.x.x.x. )

              Pfsense might get HAproxy to loadbalance ie http to the webservers into the cloud.

              Maybe i should have been asking:

              If i want to use Haproxy on my pfsense fw to LB to my lan-based servers what is the way to go for the vips? carp?

              No!, i will not fix your computer ..

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                @elvisnld:

                If only there was a Pfsense 2.0 errata for that nice book i bought last year (pfsense the … guide)  ;)

                There will be a new book, far too much has changed for a simple errata list.  :)

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • E
                  elvisnld
                  last edited by

                  Hi Jim, I was just kidding offcource!  ;D
                  Great i'll order a copy the second it comes out. it's a way to sponsor you guy's a bit too i guess  ;)

                  No!, i will not fix your computer ..

                  1 Reply Last reply Reply Quote 0
                  • C
                    cmb
                    last edited by

                    @elvisnld:

                    By one system, you mean one pfsense firewall?.
                    I know i can't make it a redundant pfsense ' cluster' this way, we stepped away from that approach because of difficulties with VRRP on the wan from the isp,  not pfsense's fault as we know, thank you Cisco and IETF  ::)

                    You can still use CARP where your provider is using VRRP (though it may create some log noise on both sides, it will work perfectly fine), just make sure you're using different VHIDs.

                    @elvisnld:

                    If i want to use Haproxy on my pfsense fw to LB to my lan-based servers what is the way to go for the vips? carp?

                    Which ever you want, if you have one it doesn't matter which you use.

                    1 Reply Last reply Reply Quote 0
                    • E
                      elvisnld
                      last edited by

                      @cmb:

                      @elvisnld:

                      By one system, you mean one pfsense firewall?.
                      I know i can't make it a redundant pfsense ' cluster' this way, we stepped away from that approach because of difficulties with VRRP on the wan from the isp,  not pfsense's fault as we know, thank you Cisco and IETF  ::)

                      You can still use CARP where your provider is using VRRP (though it may create some log noise on both sides, it will work perfectly fine), just make sure you're using different VHIDs.

                      I read that in the book, but i wasn't brave or skilled enough at that time.  :P

                      @elvisnld:

                      If i want to use Haproxy on my pfsense fw to LB to my lan-based servers what is the way to go for the vips? carp?

                      Which ever you want, if you have one it doesn't matter which you use.

                      ok, clear.

                      Kewl, this i aparentlly didn't fully understand from the book then, now i do

                      The information here: http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F should be updated a bit then.
                      it's a bit misleading.  But thank you very much for explaining it!

                      No!, i will not fix your computer ..

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.