How to connect 2 bridged WANs to a switch?

  • I have inherited 2 pfsense instances (2.0 and 2.0.1) behind a baystack 350-12T switch.
    pfsenses have the same config : WAN,LAN,OPT2 - bridged.
    WAN (with assigned IP) connected to baystack, LAN (no IP) to DMZ
    OPT2 is connected via CARP and is used for pfsync.
    I'd like to have a WAN VIP address, which would be used as a default gw for DMZ network (a few /24 networks) and load balancer.
    For the moment one switch port is disabled to not have a network loop. And for that reason CARP for WAN doesn't work (both are in master status).
    In case of any issue with one of the pfsenses, the baystack switch ports (that the pfsenses are connected to) are manually swapped (en/dis to dis/en).
    That's the current situation.

    What I want to get is to enable both baystack ports and have a real failover configuration.
    What is the best approach we can go with? The baystack supports a kind of STP. STP is disabled on both pfsense bridges.
    I have read many opinions that STP may cause issues I cannot afford (everything is in production).
    Is STP the way to go, or should I use devd, as it is described here,4984.msg87793.html#msg87793

    What would you recommend?

