Redundant network recommendations

  • Hey

    We are going to deploy a new hosting location. The datacenter provides us with two WAN interfaces for redundancy. One active/one backup.

    My plan is to set up two WAN switches, two pfSense servers and two DMZ switches, as you can see in my attachment.

    I have some questions:

    • Should we configure a WAN LAGG interface and a DMZ LAGG interface, so both servers are connected to both switches on both sides?

    • Would it be okay to connect the WAN lines directly to the two pfSense servers, or should they be connected to a WAN switch?

    • If we should use LAGG interfaces, which LAGG configuration would you recommend for redundancy and high performance? (failover, failover, roundrobin)

    Is there anything else we should consider?

    Thanks in advance.


  • Anyone?

  • Would it be possible to order commercial support and use the included time to get recommendations for correct network setup?

  • I have not set up LAGG on pfSense yet so I can't really comment on that, though I believe it is what you will want to do on both the WAN and LAN/DMZ sides. For the WAN links, I would have them on switches like you have it diagrammed. This allows either server to have access to both links. Do you have at least 3 distinct IP addresses on EACH circuit? You will need that for CARP redundancy (if you have your own IPs and are using BGP or something to announce them over the links then you would just need the one set of 3, otherwise you need two sets of 3, one for each).

