Setting up CARP with 2 WAN upinks
-
I currently have 1 pFsense router and want to buy another unit to set up a CARP, however the IP addresses on both lines are dynamic.
There is no inbound traffic that requires that the IP address stays the same, the main reason to set up a CARP is for our VOIP telephones.I'm currently using pFsense 2.1-BETA1
Could someone help me out with the question wether it is possible to create a setup like this?
-
I currently have 1 pFsense router and want to buy another unit to set up a CARP, however the IP addresses on both lines are dynamic.
There is no inbound traffic that requires that the IP address stays the same, the main reason to set up a CARP is for our VOIP telephones.This will work, but all your current connections (read:phone calls) will (obviously) break when fail-over happens.
If your provider is nice enough to provide you with 2 IPs per line (like mine :D). I think you could actually cross-connect those and have 2 WANs in use if both lines are up, but this will complicate things a lot.
-
Thanks for your info!
I'm planning to place a managed switch in the situation, so that WAN0 and WAN1 are available to both the pfsense machines.
The ISP is not providing me with 2 IP addresses as far as I know, however I will check that to be sure.
Can I just go ahead and set things up or is there something I should keep in mind while setting this up? -
I'd say start with either sharing one connection between the two or having one connection each, before setting up 2 WANs on both, because load-balancing and CARP are two very different things, I think you should know them both separately before doing them at the same time.
-
It's best to have both ISPs connected to both units, that way you get the benefit of Multi-WAN redundancy and CARP. If both IPs are dynamic, that's not necessarily fatal if you're willing to put up with double NAT. You can put the ISP modems into router mode, setup a "DMZ" in them to point all traffic at the CARP address you make for that WAN, and so long as easy ISP modem/router is using a different subnet and a separate switch/VLAN, and you set a monitor IP on each to something on the Internet somewhere, it can still work.
Not as pretty as having a /29 to use on each WAN, but it would get the job done.
You could use a separate ISP on each CARP node, but you wouldn't get Multi-WAN failover. If the ISP on WAN1 failed, it wouldn't make the cluster fail to the secondary node unless you power off the modem there manually.
