CARP on OVH dedicated cloud
-
Hi,
I'm currently have a test-drive with OVH dedicated cloud (vSphere 5.5) My goal is to have a virtual redundant HA pfSense setup as base for other networks / servers behind the pfSense machines. I have successful set up HA between pfSense boxes in the past, no problem ever. But after reading the FAQ and the WIKI for specific problems when using vSphere / ESX I just need some advise how to communicate with the tech staff at OVH, I have written many tickets describing the problem including links to the pfSense FAQ but they say always "we have customers that are using pfSense with CARP" and everything is fine. They have turned on CARP and VVRP support at my request on their vswitch but I think they must also allow promisc mode on the proper port groups as stated in the wiki.
So to make a long story short, is anyone around here that have a successful HA CARP pfsense setup running at the OVH dedicated cloud?
Thank for your help,
René -
Just for the records, after a really long e-mail support conversion pointing them into the right direction the OVH staff was able to activate promise mode on the portgroup for the pfSense boxes. So now it just works as expected (
).René
-
@rsk:
Just for the records, after a really long e-mail support conversion pointing them into the right direction the OVH staff was able to activate promise mode on the portgroup for the pfSense boxes. So now it just works as expected (
).René
Bonjour René!
Could you please share how did you make CARP working in OVH environment?
Thanks!
-
Got an answer from OVH that CARP is not possible for their hardware dedicated servers due to network design.
I've solved this using OVH Control Panel API - https://api.ovh.com
-
buy some OVH failover IP's (one or subnet block ) and assign them to "master" firewall in OVH Control Panel
-
create identical "IP alias(es)" for OVH failover IP's attached to WAN interfaces on both "master" and "backup" firewalls.
Yes, create identical IP Aliases - no IP conflict will ever happen. -
wrote a Python script that moves above OVH failover IP's to "backup" server in case "master" firewall stops responding for let's say 10 seconds
Script can work on backup server on any other Linux/Windows server anywhere.
Works just fine - API failover IP move takes about 50-55 seconds to finish.
So, if scripts timeout for your "master" firewall is set to 10 seconds - you are looking at max 60-65 seconds outage for your services.Boom.
-