Netgate Discussion Forum

    Am I on the right track for Multi ISP / CARP - Multiple Routers

    • brianw

      Ok this is pretty much how I see it working. I would like you great folks to take a look at what I got and tell me if it makes sense or not? Tell me if I am on the right track please.

      Dual Routers / Dual ISPs Setup.

      Both routers will be running pfSense. We intend to implement the load balancing and failover
      offered by pfSense.

      Here is an ASCII representation of the network. The IPs and some ifaces are, of course, made up.

      Key

      ISP-1 = T1 - 82.23.56.96/28 - 14 Real IPs: 82.23.56.97 - 82.23.56.110
      ISP-2 = Wireless Internet - 101.44.16.32/28 - 14 Real IPs: 101.44.16.33 - 101.44.16.46

      LAN Network = 10.111.11.0/24
      DMZ Network = 10.11.121.0/24
      LAN Iface (Managed by CARP) = 10.111.11.1/24
      DMZ Iface (Managed by CARP) = 10.11.121.1/24
      LAN CARP Management Network (router1 (me0) - router2 (me0) - Intel NIC) = 10.222.22.0/29
      DMZ CARP Management Network (router1 (me0:1) - router2 (me0:1) - Intel NIC) = 10.222.33.0/29
      ISP-1 CARP Management Network (router1 (me0:2) - router2 (me0:2) - Intel NIC) = 10.222.44.0/29
      ISP-2 CARP Management Network (router1 (me0:3) - router2 (me0:3) - Intel NIC) = 10.222.55.0/29

      Switch-1 - WAN Switch - 24 port - 2 VLANs for ISP-1 and ISP-2, and 1 VLAN for the CARP mgmt ifaces.
      SW1-VLAN-1 - ISP-1
      SW1-VLAN-2 - ISP-2
      SW1-VLAN-3 - LAN+DMZ+ISP-1+ISP-2 CARP Management Nets

      Switch-2 - LAN/DMZ Switch - 48 Port - 2 vlans for LAN and DMZ
      SW2-VLAN-1 - LAN
      SW2-VLAN-2 - DMZ

      Router-1 = The main CARP router. AKA the CARP Master

      On-board iface will be used for connection to ISP-1 - onb0
      The first 3-port iface will be used for connection to ISP-2 - re0
      The second 3-port iface will be used for connection to the LAN - re1 - Managed by CARP
      The third 3-port iface will be used for connection to the DMZ - re2 - Managed by CARP

      All CARP ifaces will be on the single port Intel PCI NIC, represented here as me0.

      The CARP management iface for LAN - me0 - 10.222.22.1/29
      The CARP management iface for DMZ - me0:1 | vp0 - 10.222.33.1/29
      The CARP management iface for ISP-1 - me0:2 | vp1 - 10.222.44.1/29
      The CARP management iface for ISP-1 - me0:3 | vp2 - 10.222.55.1/29

      Router-2 = The secondary CARP router. AKA CARP Slave

      On-board iface will be used for connection to ISP-1 - onb0
      The first 3-port iface will be used for connection to ISP-2 - re0
      The second 3-port iface will be used for connection to the LAN - re1 - Managed by CARP
      The third 3-port iface will be used for connection to the DMZ - re2 - Managed by CARP

      All CARP ifaces will be on the single port Intel PCI NIC, represented here as me0.

      The CARP management iface for LAN - me0 - 10.222.22.2/29
      The CARP management iface for DMZ - me0:1 | vp0 - 10.222.33.2/29
      The CARP management iface for ISP-1 - me0:2 | vp1 - 10.222.44.2/29
      The CARP management iface for ISP-1 - me0:3 | vp2 - 10.222.55.2/29

      Here is an ASCII representation…

      
                                               ISP-1         ISP-2
                                                 |             |
                                                 |             |
                                              |--------------------|
                                              |  |  Switch-1   |   |
                                              |  |             |   |
                                |-------------|-SW1-VLAN-1 - ISP-1-|-----------------|
                                |             |                |   |                 |
                                |             |                |   |                 |
                                |  |----------|-SW1-VLAN-2 - ISP-2-|-------------|   |
                                |  |          |                    |             |   |
                                |  |          |                    |             |   |
                                |  |     |----|-SW1-VLAN-3 - CARP--|-----|       |   |
                                |  |     |    |--------------------|     |       |   |
                                |  |     |                               |       |   |
                                |  |     |                               |       |   |
                                |  |     |---------------|  |------------|       |   | 
                                |  |                     |  |                    |   |
                                |  |                     |  |                    |   |              
                                |  |                     |  |                    |   |
            onb0 - 82.23.56.97 -|  |-re0 - 101.44.16.33  |  | re0 - 101.44.16.34-|   |-onb0 - 82.23.56.98
                               ----------------          |  |          ----------------
                               |              |----------|  |----------|              |
                               |  Router-1    |me0/me0:1      me0/me0:1|  Router-2    |
                               |              |me0:2/me0:3  me0:2/me0:3|              |
                               ----------------                        ----------------                           
       re2 DMZ CARP 10.11.121.1/24-|     |  <-re1 - LAN CARP 10.111.11.1/24->   |    |-re2 DMZ CARP 10.11.121.1/24
                                   |     |                                      |    |                         
                                   |     |         |------------------|         |    |
                                   |     |         |     Switch-2     |         |    |
                                   |     |         |                  |         |    |
                                   |     |         | SW2-VLAN-1 - LAN |         |    |
                                   |     |---------|  10.111.11.0/24  |---------|    |
                                   |               |   LAN Clients    |              |
                                   |               |                  |              |
                                   |               | SW2-VLAN-2 - LAN |              |
                                   |---------------|  10.11.121.0/24  |--------------|
                                                   |   DMZ Clients    |             
                                                   |------------------|             
      
      

      Here is a dia version. This one is a bit more of a virtual representation…

      thanks for looking!
      brianw
      Routers-Setup.jpg
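The addressing plan in the post above, checked mechanically (an added example, not part of the original post): the script confirms the usable host ranges of the two /28 blocks, that every interface address falls inside its network, and that no networks overlap or addresses repeat. The `SYNC-*` names are labels chosen here, and the me0:3 link is mapped to ISP-2 as in the post's Key.

```python
import ipaddress
from itertools import combinations

# Addressing plan transcribed from the post (the author says the IPs are made up).
NETWORKS = {
    "ISP-1": "82.23.56.96/28", "ISP-2": "101.44.16.32/28",
    "LAN": "10.111.11.0/24", "DMZ": "10.11.121.0/24",
    "SYNC-LAN": "10.222.22.0/29", "SYNC-DMZ": "10.222.33.0/29",
    "SYNC-ISP-1": "10.222.44.0/29", "SYNC-ISP-2": "10.222.55.0/29",
}
ADDRESSES = [  # (owner, network label, address)
    ("router1 onb0", "ISP-1", "82.23.56.97"), ("router2 onb0", "ISP-1", "82.23.56.98"),
    ("router1 re0", "ISP-2", "101.44.16.33"), ("router2 re0", "ISP-2", "101.44.16.34"),
    ("LAN CARP VIP", "LAN", "10.111.11.1"), ("DMZ CARP VIP", "DMZ", "10.11.121.1"),
    ("router1 me0", "SYNC-LAN", "10.222.22.1"), ("router2 me0", "SYNC-LAN", "10.222.22.2"),
    ("router1 me0:1", "SYNC-DMZ", "10.222.33.1"), ("router2 me0:1", "SYNC-DMZ", "10.222.33.2"),
    ("router1 me0:2", "SYNC-ISP-1", "10.222.44.1"), ("router2 me0:2", "SYNC-ISP-1", "10.222.44.2"),
    ("router1 me0:3", "SYNC-ISP-2", "10.222.55.1"), ("router2 me0:3", "SYNC-ISP-2", "10.222.55.2"),
]

def usable_range(cidr):
    """First and last assignable host of an IPv4 network, plus the host count."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)

def check_plan(networks, addresses):
    """Return a list of problems; an empty list means the plan is consistent."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in networks.items()}
    problems = []
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    seen = {}
    for owner, net_name, addr in addresses:
        ip, net = ipaddress.ip_address(addr), nets[net_name]
        if ip not in net:
            problems.append(f"{owner}: {ip} is outside {net_name} {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{owner}: {ip} is the network/broadcast address of {net}")
        if ip in seen:
            problems.append(f"{owner}: {ip} already assigned to {seen[ip]}")
        seen.setdefault(ip, owner)
    return problems

if __name__ == "__main__":
    for name in ("ISP-1", "ISP-2"):
        print(name, usable_range(NETWORKS[name]))
    print(check_plan(NETWORKS, ADDRESSES) or "plan is consistent")
```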

      • jpriceit

        Bump!

        Nice level of detail, brianw. Have you tested this yet?

        I have a very similar situation, so I'm dying to know if this configuration works well.

        • prairie-sky

          I'm looking to do this too. How will you set up the failover rules for the Dual WAN? I'm assuming that they'll be the same as in the tutorial.

          • brianw

            Sorry I have not replied; been a bit busy. We got the hardware and built a lab. We accomplished all of our goals in the end. The setup is at the client's new building awaiting the servers and clients that will be coming in the coming weeks. We experienced a bit of a heartache in the hardware department at first. We thought we were going to have to go back to the drawing board in the hardware department at first.

            We got (2) of the Jetway C7 2.0 boards with the daughter board capability. We got the (3) GB NIC daughter boards for them. The daughter boards did not work well at all. They kept dropping IRQs and such. Generally just not working out. So we got (2) Dual GB Intel NICs for each router. And still the problems with IRQ routing persisted. We finally found some documentation on the PCI riser card and were able to get the Dual GB Intel NICs to work. We were very happy. :)

            My brother and I will soon be publishing a HowTo for the setup we found. None of the HowTos worked 100% for us… We had to figure some things out. I also want to post our setup so it can be scrutinized.

            Check back,

            brianw

            • Coldfirex

              @brianw:

              Sorry I have not replied; been a bit busy. We got the hardware and built a lab. We accomplished all of our goals in the end. The setup is at the client's new building awaiting the servers and clients that will be coming in the coming weeks. We experienced a bit of a heartache in the hardware department at first. We thought we were going to have to go back to the drawing board in the hardware department at first.

              We got (2) of the Jetway C7 2.0 boards with the daughter board capability. We got the (3) GB NIC daughter boards for them. The daughter boards did not work well at all. They kept dropping IRQs and such. Generally just not working out. So we got (2) Dual GB Intel NICs for each router. And still the problems with IRQ routing persisted. We finally found some documentation on the PCI riser card and were able to get the Dual GB Intel NICs to work. We were very happy. :)

              My brother and I will soon be publishing a HowTo for the setup we found. None of the HowTos worked 100% for us… We had to figure some things out. I also want to post our setup so it can be scrutinized.

              Check back,

              brianw

              I would welcome your howto!
