OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: mestafin on November 15, 2018, 09:28:50 am

Title: CARP VIP, IP Alias and VHID on VLAN's
Post by: mestafin on November 15, 2018, 09:28:50 am
I am running the latest 18.7.7 on two identical boxes in a HA cluster with CARP.

On the LAN side, I have 8 VLANs defined on the single LAN interface.

Each VLAN has its own /24 subnet, defined as follows:

VLAN 10
10.11.10.1/24     CARP VIP, with VHID=10
10.11.10.91/24   Box One Interface
10.11.10.92/24   Box Two Interface
   
VLAN 20
10.11.20.1/24     CARP VIP, with VHID=20
10.11.20.91/24   Box One Interface
10.11.20.92/24   Box Two Interface

etc. for all VLANs

This all works very well.

Somewhere I read that CARP monitors a physical link and that this setup creates unnecessary CARP broadcast traffic that is essentially redundant, as all the VLANs are on the same physical interface and cable. You will not have a failure where only one VLAN subnet (virtual interface) will fail; all the VLAN virtual interfaces will fail together if the physical interface fails.

What I can remember from the comment is that it is better to define a CARP VIP for one VLAN and then define IP Aliases for the other VLANs, but define the IP Aliases on the VLAN interface that is defined as a CARP VIP, but I am not sure that I got that right.

Any recommendations or advice will be appreciated.
Title: Re: CARP VIP, IP Alias and VHID on VLAN's
Post by: mimugmail on November 15, 2018, 09:34:03 am
No, you misunderstood something.
Since you are using VLANs, stick to them and treat them like single cables.

Use aliases when you need more VIPs on one subnet (L3). And keep in mind when using aliases to add them manually on the second machine as well (not synced).
Title: Re: CARP VIP, IP Alias and VHID on VLAN's
Post by: mestafin on November 15, 2018, 10:18:53 am
Thanks very much