CARP Issue
  • Hello,

    I have a CARP-specific question. I have two firewalls running FreeBSD 9.1, and I have several public IP addresses which are set up on my lagg0 (internet) interface (configured as a failover of the em0 and em2 interfaces). My internal em1 interface is the interface to the intranet.

    Shared WAN IP: 20.117.117.30
    Shared WAN IP: 20.117.117.31
    Shared WAN IP: 20.117.117.32
    Shared LAN IP: 10.1.2.1

    • FW1: The configuration in the rc.conf for FW1 (active FW) is as follows:

    ifconfig_lagg0="laggproto failover laggport em0 laggport em2 20.117.116.132/29"
    ifconfig_lagg0_alias0="inet 20.117.117.30 netmask 255.255.255.255"
    ifconfig_lagg0_alias1="inet 20.117.117.31 netmask 255.255.255.255"
    ifconfig_lagg0_alias2="inet 20.117.117.32 netmask 255.255.255.255"

    ifconfig_em1="inet 10.1.2.10 netmask 255.255.255.0"
    ifconfig_em1_alias0="inet 10.1.2.1 netmask 255.255.255.255"

    ifconfig_em3="inet 10.1.1.1 netmask 255.255.255.0"

    ifconfig_carp0="inet 20.117.117.29 netmask 255.255.255.255 vhid 1 pass test advskew 0"

    ifconfig_carp1="inet 10.1.2.1 netmask 255.255.255.255 vhid 2 pass test advskew 0"

    ifconfig_pfsync0="syncdev em3"

    • FW2: The configuration in the rc.conf for FW2 (failover FW) is as follows:

    ifconfig_lagg0="laggproto failover laggport em0 laggport em2 20.117.116.131/29"
    ifconfig_lagg0_alias0="inet 20.117.117.28 netmask 255.255.255.255"

    ifconfig_em1="inet 10.1.2.20 netmask 255.255.255.0"

    ifconfig_em3="inet 10.1.1.2 netmask 255.255.255.0"

    ifconfig_carp0="inet 20.117.117.29 netmask 255.255.255.255 vhid 1 pass test advskew 100"
    ifconfig_carp0_alias0="inet 20.117.117.30 netmask 255.255.255.255"
    ifconfig_carp0_alias1="inet 20.117.117.31 netmask 255.255.255.255"
    ifconfig_carp0_alias2="inet 20.117.117.32 netmask 255.255.255.255"

    ifconfig_carp1="inet 10.1.2.1 netmask 255.255.255.255 vhid 2 pass test advskew 100"

    ifconfig_pfsync0="syncdev em3"

    After restarting both firewalls, the carp0 and carp1 interfaces are created, but on FW2 the IP aliases are not set on the carp0 interface. I am aware that the subnets must be the same; that's why I have configured 20.117.117.28 on lagg0 on FW2, in order to allow CARP to set the alias IP addresses 20.117.117.30-32 on carp0.

    I read that it would be possible to set the IP aliases on the loopback interface. How would a solution like that work?

    Any help would be very much appreciated.

    Regards,
    Christian
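An added example, not from Christian's post and not FreeBSD's own tooling: a POSIX sh helper that parses ifconfig output and reports, for each shared address, which carp interface carries it and that interface's MASTER/BACKUP state, so the pair can be checked after the restart described above. The ifconfig text embedded below is constructed to mirror FW2's configuration (carp0 without the .30-.32 aliases) and is not real output.

```shell
# Constructed sample of FreeBSD 9 style ifconfig output mirroring FW2 in the
# post; only the interfaces relevant to the check are included.
SAMPLE_IFCONFIG='lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 20.117.116.131 netmask 0xfffffff8 broadcast 20.117.116.135
    inet 20.117.117.28 netmask 0xffffffff broadcast 20.117.117.28
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 20.117.117.29 netmask 0xffffffff
    carp: BACKUP vhid 1 advbase 1 advskew 100
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.1.2.1 netmask 0xffffffff
    carp: BACKUP vhid 2 advbase 1 advskew 100'

# carp_addr_state IFCONFIG_TEXT ADDRESS
# Prints "<carp ifname> <STATE>" when ADDRESS is configured on a carp
# interface, otherwise "missing". Returns 0 when found, 1 when missing.
carp_addr_state() {
    printf '%s\n' "$1" | awk -v want="$2" '
        # interface header line: remember the name, reset the per-interface hit
        /^[a-z]+[0-9]+:/ { ifn = $1; sub(/:$/, "", ifn); hit = 0 }
        # inet line carrying the wanted address on a carp interface
        $1 == "inet" && $2 == want && ifn ~ /^carp/ { hit = 1 }
        # the carp: line follows the inet lines and carries the state
        $1 == "carp:" && hit { print ifn, $2; found = 1 }
        END { if (!found) { print "missing"; exit 1 } }'
}

# check_carp_vips IFCONFIG_TEXT ADDR...
# One summary line per address; returns the number of addresses that no
# carp interface carries (0 means every shared address is accounted for).
# Live usage on a firewall: check_carp_vips "$(ifconfig)" 20.117.117.30 ...
check_carp_vips() {
    text=$1; shift
    missing=0
    for a in "$@"; do
        st=$(carp_addr_state "$text" "$a") || missing=$((missing + 1))
        printf '%-16s %s\n' "$a" "$st"
    done
    return "$missing"
}
```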
