HA Setup, non-identical hardware
-
Hi Everyone,
Is it possible to set up 2 pfsense boxes in CARP failover mode, but the boxes not being identical.
For example, the "main" box would have many interfaces, however the "failover" box would only have 2 interfaces and use VLANs to split up into different interfaces.
I would want all firewalls rules and IPSEC/OpenVPN settings to be synced though
Also, to complicate things, this setup will be used by my server provider as a "next-hop" to route a few public subnets to me. Is this compatible with CARP?
These 2 boxes will have a dedicated interface for CARP syncing, using a crossover cable.
Any help would be appreciated
Thanks
-
You can use two different boxes for CARP as long as the interface count and ordering is identical.
In order to sync OpenVPN fully you'd have to be on 2.0
As long as your upstream provider routes your IPs to your WAN CARP VIP, then it works fine.
-
So let's say I had a
Master) A standard PC, with 2 onboard NICS, plus 2 X dual PC Network Cards. All NICs are GigE (Total 6 NICS)
and
Slave) An embedded x86 system with 6 onboard NICs (2 are GigE, 4 are 10/100)Would this work ok?
Also, for the "LAN" side, does each pfsense box really need it's own IP, as well as the shared VIP? I'm assuming that I can access the web config via another interface
Thanks
-
The hardware will work as long as you have the same number of interfaces and they are assigned in the same order. Doesn't matter if they are different drivers or types.
On each interface, both boxes need an IP and then the shared IP, so at least three IPs in every subnet.
