Different WAN IP pool for CARP shared IP
-
I am changing the single pfSense instance to failover using CARP in my office. I have been reading the pfSense 2.1 book and notice that you seem to show it's preferable to have the WAN and CARP virtual IP in the same subnet.
But my ISP gives two subnets: a /30 for the WAN interface and a /29 subnet for any other use.
The current configuration has two ISPs with load-balancing. I already use the /29 subnet from both ISPs for all outgoing NAT traffic.
Does it work if I use the same /29 subnet for the CARP virtual IP?
-
You must have a /29 between you and your ISP as well as the routed /29 (same as VRRP, HSRP). That's discussed in more detail in the High Availability chapter of the book.
-
Thanks Cmb. Went through the whole chapter 25 again. If I understand from you and the book, I can't use CARP with a /30 at all, even though I have a whole /29 (routable) for myself. It will be a big letdown if I can't implement CARP; it hurts our BCP a lot.
I will try asking my ISPs to swap the IP subnets so that my gateway falls in the /29 range. Here, ISPs are simply unresponsive and won't budge easily for new change requests. I just want to confirm if the above is right before I start prodding them.
-
It'll have to be changed to a /29 for the interconnect subnet. Generally not a problem to get your WAN-side subnet changed from /30 to /29. It's not an uncommon request, since it's typical of router redundancy protocols.
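-
An added example, not part of the thread: a small check of a CARP WAN addressing plan against the interconnect subnet. It assumes the usual layout in which each firewall keeps its own WAN address and the pair shares one CARP VIP in the same subnet as the ISP gateway; the function name and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

def check_carp_wan_plan(subnet, gateway, node_ips, vip):
    """Return a list of problems with a CARP WAN plan (empty list = usable)."""
    net = ipaddress.ip_network(subnet, strict=True)
    # Every role below needs its own address inside the interconnect subnet
    # (assumption: per-node WAN IPs plus one shared VIP, as described above).
    roles = {"ISP gateway": gateway, "CARP VIP": vip}
    for i, ip in enumerate(node_ips, 1):
        roles[f"node {i} WAN"] = ip

    problems = []
    usable = max(net.num_addresses - 2, 0)  # minus network and broadcast
    if usable < len(roles):
        problems.append(
            f"{net} has {usable} usable addresses, plan needs {len(roles)}")

    seen = {}
    for role, text in roles.items():
        addr = ipaddress.ip_address(text)
        if addr not in net:
            problems.append(f"{role} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{role} {addr} is the network or broadcast address")
        if addr in seen:
            problems.append(f"{role} {addr} duplicates {seen[addr]}")
        seen.setdefault(addr, role)
    return problems

if __name__ == "__main__":
    # Constructed plans: a /30 interconnect with the VIP taken from a separate
    # routed /29, and the same design after the interconnect becomes a /29.
    plans = {
        "/30 interconnect": ("198.51.100.0/30", "198.51.100.1",
                             ["198.51.100.2", "198.51.100.3"], "203.0.113.9"),
        "/29 interconnect": ("198.51.100.0/29", "198.51.100.1",
                             ["198.51.100.2", "198.51.100.3"], "198.51.100.4"),
    }
    for name, plan in plans.items():
        issues = check_carp_wan_plan(*plan)
        print(name, "->", "OK" if not issues else issues)
```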