Can I set up CARP with only two NICs?



  • I've set up CARP before using 3 NICs. Is it possible to put the sync connection over either the LAN or WAN NICs?

    Here's why I am interested: A couple of years ago I upgraded my 3 Ethernet PC-Engines WRAP box to a newer ALIX board, with only 2 NICs. I would like to use this box as my failover node, and have my primary node be a VM in my ESXi box. I've done two VMs and love the capability, but I want to have seamless access to the Internet even when I take down my VMware server.

    I can muddle through this and try it on my own, but any experience this forum has would be helpful. Let me know what you think!



  • Yes. Not ideal, but you can use LAN if you want.



  • If possible, I think a VLAN would be better.



  • Thank you for the responses.

    I'd like to understand the technical considerations. Why is it highly recommended if it isn't required?

    • Is it simply that the code was written with 3 networks in mind, so there are side effects such as ARP messages or other issues?

    • Is it a security consideration, i.e. the sync protocol isn't considered secure?

    For example, this is for my home LAN. I would be willing to risk the second bullet above, if the sync ports existed on my LAN. I also have a router-behind-router, as my Internet connection is AT&T UVERSE and their gateway ONLY works in router mode. So I could easily have the sync ports live in that network, as it is not exposed to the outside world via port forwarding, and could even be firewalled with rules on the UVerse gateway.

    I might start playing with it today. Thanks again for your input!



  • As far as I know, CARP is supposed to use a dedicated NIC and a crossover cable to minimize the possibility of failure.

    I see no reason why you can't map CARP to a switch VLAN in a home setting.



  • It's for security and performance reasons. Detailed explanation in http://pfsense.org/book

