CARP VIP interfaces?
-
In a post I made in December 2010 (http://forum.pfsense.org/index.php/topic,31279.0.html) I was told that in pfsense 2.0, I could make use of "IP aliases on CARP VIP interfaces" in order to get around the fact that the CARP protocol only supports 254 unique VHIDs on a single broadcast domain.
Can one tell me how to do this?
-Sean
-
Add a CARP VIP on an interface, and then add an IP Alias afterward. When setting up the IP alias, choose the CARP VIP as the interface for the IP alias.
-
I don't think I am understanding…
I get "The following input errors were detected: For this type of vip a carp parent is not allowed."
Am I doing this right?
1. Add a CARP VIP
2. Add an IP alias that is the same IP as the CARP VIP
3. Go back to the CARP VIP and choose that Alias as the "interface" ?Also, how does this fix the issue with carp in a single broadcast domain?
Thanks,
-Sean
-
Why would you do step 2? And why would you alter it in step 3? That's not right.
No, you have one main "carp" VIP, say x.x.x.1, say that is vip25. Then you add an IP alias for x.x.x.4, interface is vip25. Add another IP alias for x.x.x.5 on vip25, etc, etc.
It helps because only one heartbeat goes out for each carp VIP. You can have hundreds of IP aliases on a single CARP VIP and so they are all controlled by that single heartbeat.
-
I'm sorry - I still don't understand. Where is the "IP Alias" option/menu?
Are you talking about the menu Firewall > Aliases? If so, I don't see anywhere to set an "interface."
Additionally, when I create a CARP address, I do not see "IP Alias."
Am I the only one struggling with this?
-Sean
EDIT
OK maybe I get it now (needed a drink). Please correct me if I am wrong…1. Add a VIP type=CARP entry (unique IP, whatever interface, unique VHID etc).
2. Add a VIP entry type=IP Alias (unique IP, interface of previous IP etc).
3. Repeat step 2.This pretty much ensures that you won't run out of VHID's.
I assume CARP still acts the same way when failover is configured correctly? ALL IP's will still failover, right? No tricks here?
Thanks again,
-Sean
-
Yep, you got it there at the end.
You have one CARP VIP that has the VHID - announcements happen there, and the other IP Alias type VIPs sit on top of that CARP VIP.
They all fail in a group with the CARP VIP. Actually faster than they would individually because they don't need <x>advertisements per second, where <x>is your number of IPs, just the one of the CARP VIP.
Less headache, less VHIDs, less network traffic. It's a very nice way to do it.</x></x>
