CARP with /30 and routed /29 network
-
Hi
I plan to replace my current firewall with pfSense. I would also like to use two firewalls with CARP to increase availability. This leads to my question. My provider gives me a /30, which I used for the WAN interface of my current firewall. The first IP in this /30 is the provider's gateway.
Additionally, we have a /29 network routed to our network. Can I use such a setup with CARP, or is this not possible? I understand that I need 3 public IPs for this. I have them in my /29. But I'm not sure about the IP of the /30 network. Thanks for your support.
Zueri
-
In that circumstance you need two /29s instead of a /30 and a /29. The routed /29 is routed to a CARP IP in your WAN-side /29. Same for VRRP and HSRP. Your ISP should be familiar with that requirement from other customers and hopefully willing to provide a bigger WAN-side subnet.
In the future, that may no longer be a requirement, but for the time being it is.
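
Added example, not part of the original posts: a Python check of why a /30 WAN subnet cannot carry a CARP pair while a /29 can, which also builds the address plan with the routed /29 pointed at the CARP IP. The function name `carp_wan_plan` is hypothetical, all addresses are constructed from documentation ranges, and picking the first free address as the CARP IP is an assumption.

```python
import ipaddress


def carp_wan_plan(wan_cidr, gateway, routed_cidr, nodes=2):
    """Check whether a WAN subnet can host a CARP pair and build an address plan.

    Each firewall needs its own WAN address and the pair shares one CARP IP,
    so the subnet must offer nodes + 1 usable hosts besides the ISP gateway.
    """
    wan = ipaddress.ip_network(wan_cidr)
    gw = ipaddress.ip_address(gateway)
    routed = ipaddress.ip_network(routed_cidr)
    if gw not in wan:
        raise ValueError(f"gateway {gw} is not inside {wan}")
    if routed.overlaps(wan):
        raise ValueError("routed subnet must not overlap the WAN subnet")

    # hosts() already excludes the network and broadcast addresses.
    free = [h for h in wan.hosts() if h != gw]
    needed = nodes + 1
    if len(free) < needed:
        return {"feasible": False, "free": len(free), "needed": needed}

    # Assumption: first free address becomes the shared CARP IP.
    vip, *node_ips = free[:needed]
    return {
        "feasible": True,
        "free": len(free),
        "needed": needed,
        "carp_vip": str(vip),
        "node_wan_ips": [str(ip) for ip in node_ips],
        # The ISP must route the extra block to the CARP IP, not to a node IP,
        # otherwise traffic stops when that node fails.
        "isp_route": f"{routed} via {vip}",
    }


if __name__ == "__main__":
    # Constructed sample addresses (RFC 5737 documentation ranges).
    print(carp_wan_plan("203.0.113.0/30", "203.0.113.1", "198.51.100.0/29"))
    print(carp_wan_plan("203.0.113.8/29", "203.0.113.9", "198.51.100.0/29"))
```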
-
Another option would be to simply place the /30 on a router and place the pfSense firewalls behind it. Obviously, the router becomes a single point of failure.
-
Thanks for your support. I'm glad that my provider agreed on giving us a /29 subnet for the WAN-side. Therefore I'm ready to try it the easy way ;-)