[SOLVED] Failover with IP-MAC bind
-
Hi!
I'm going to make 2 node failover cluster on pfSense, but I think it will be not so easy: my ISP can't give me an IP without MAC binding, so I can't move this virtual IP between servers. Is there some kind of option to deal with it?
Currently I see two options:
1. Is it possible not to use virtual IP? I mean that each firewall will have it's own IP (WAN) but I will not use virtualIP for WAN. If first server will fail, virtual IP for LAN will be moved to another server and another server's WAN IP will be used (not virtual IP).2. Is it possible to move MAC between servers? I mean that each firewall will have it's own IP (WAN) and if one server will fail, virtual IPs for LAN and WAN plus MAC for WAN interface will be moved to another server.
-
Have you tried using CARP VIPS? They generate a unique mac for each IP and move between nodes. You should be able to use a standard failover setup. There are some howtos about, or get the book for step by step instructions.
-
Have you tried using CARP VIPS? They generate a unique mac for each IP and move between nodes. You should be able to use a standard failover setup. There are some howtos about, or get the book for step by step instructions.
I didn't try it yet, just going to. But I'd like to do it fast, so now I'm trying to discuss possible problems.
So do You mean that external (WAN) virtual IP will have it's own MAC which will be the same for each server?
-
Yes, CARP generates a MAC using a reserved range completed with the vhid. Which ever node is in control will answer.
-
Thanks for a good news! :)
