Netgate Discussion Forum

    Any possible way to configure LAGG in 2.2.4?

    General pfSense Questions
    • Lapus

      We recently had a hardware failure here causing a service interruption, and I'm trying to change our setup to be much more fault tolerant.  Previously we had no CARP or link aggregation, and I'm trying to change that on our pfsense routers.

      The problem I'm running into concerns lagg configuration.  The router boxes in question all have two NICs, and I'd like them ultimately to be in a CARP configuration, with each using LACP lagg configuration for its interfaces, with 802.1q on top of that, and then the WAN interface defined to be one of the VLANs and the LANs to be various other VLANs–all on top of the lagg interface.  However, when setting up lagg, it appears that it must be done via the web, and all interfaces must be removed from any assignment.

      This presents two problems.  First, if I remove the LAN interface assignment, I can no longer configure things via the web.  I assume I can probably get around this by dropping into the shell and manually ifconfig'ing the LAN interface temporarily while I set the rest of it up.  The bigger problem is, there is no way to unassign/delete the WAN interface?!  This makes it impossible to ever set up a lagg group on the machines–or am I missing something here?

      Is there a way around this by downloading and editing the xml config?  Or should I just abandon a pfsense approach altogether and just go with vanilla FreeBSD?

      • Derelict LAYER 8 Netgate

        Two physical NICs just doesn't sound like enough.  What are you going to use for pfsync?

        5 sounds better for what you want to do: 2 for WAN, 2 for LAN, 1 for pfsync.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • Harvy66

          Don't forget about extra switches. Don't want a single switch taking down internet access.

          • Lapus

            @Derelict:

            Two physical NICs just doesn't sound like enough.  What are you going to use for pfsync?

            5 sounds better for what you want to do: 2 for WAN, 2 for LAN, 1 for pfsync.

            5 seems very excessive.  With two connections, either one can go down and routing will remain unaffected, as all the VLANs are on a single aggregated link (not to mention multiple routers being present in a redundant CARP configuration).

            The big problem is, pfsense forces you to put a physical or VLAN interface as your WAN interface, and as such, that can never be reassigned to an LACP interface (EDIT: well, maybe if I had at least 3 interfaces I could create the lagg interface and move it over later on).  I've given up on trying to do this in pfsense for now, and am just going with vanilla FBSD routers, as the configuration is much more straightforward there.

            • Derelict LAYER 8 Netgate

              Good luck.
