High availability / Re: HA: with one WAN address possible
« on: December 28, 2022, 01:31:13 am »
Hi Grefabu,
Your question isn't necessarily about HA but rather CARP. CARP is essentially the FreeBSD version of VRRP/HSRP, and all of these protocols require three IP addresses to be used. The unique IP assigned to each device is used to send keepalives to the other and negotiate who the master of the CARP VIP should be. Specifically, each device will use its unique IP to send out a multicast message (224.0.0.18) with CARP-related information (priority/skew, VIP, etc.) and each box negotiates from there.
To do what you are asking, the OPNsense team would need to completely reconfigure how HA works for the platform. I'm not familiar with how Sophos works but to relate it to other...larger companies...HA would need to be re-tooled to function more like VSS/VPC where both boxes act logically as one unit instead of one box doing a "config sync" to the other.
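The advertisement exchange described in the post above, as an added example that is not part of the original post or OPNsense code: it parses two CARP advertisements sent from each node's unique IP to 224.0.0.18 and picks the master from advbase/advskew. The header layout follows FreeBSD's `struct carp_header`; the 192.0.2.x addresses, the helper names and the sample packets are constructed assumptions, and the election function is a simplification that ignores preemption.

```python
import ipaddress
import struct

CARP_PROTO = 112            # IP protocol number, shared with VRRP
CARP_GROUP = "224.0.0.18"   # multicast group named in the post

def parse_carp(packet: bytes) -> dict:
    """Parse an IPv4 packet carrying a CARP advertisement."""
    ihl = (packet[0] & 0x0F) * 4
    ttl, proto = packet[8], packet[9]
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    if proto != CARP_PROTO or dst != CARP_GROUP:
        raise ValueError("not a CARP advertisement")
    if ttl != 255:
        # CARP sends with TTL 255, so a lower value means the packet was routed
        raise ValueError("TTL is not 255; packet did not originate on-link")
    ver_type, vhid, advskew, _authlen, _pad, advbase, _cksum = struct.unpack(
        "!BBBBBBH", packet[ihl:ihl + 8])
    return {"src": src, "version": ver_type >> 4, "type": ver_type & 0x0F,
            "vhid": vhid, "advbase": advbase, "advskew": advskew}

def elect_master(adverts: list) -> str:
    """Simplified election: the node advertising most often wins
    (lowest advbase, then lowest advskew)."""
    return min(adverts, key=lambda a: (a["advbase"], a["advskew"]))["src"]

def build_sample(src: str, vhid: int, advbase: int, advskew: int) -> bytes:
    """Constructed sample packet (checksums and HMAC zeroed, not a capture)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 56, 0, 0, 255, CARP_PROTO, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(CARP_GROUP).packed)
    # 0x21 = version 2, type 1 (advertisement); authlen 7 = 28 bytes of auth data
    carp = struct.pack("!BBBBBBH", 0x21, vhid, advskew, 7, 0, advbase, 0)
    return ip + carp + bytes(8 + 20)   # replay counter + SHA-1 HMAC, zeroed

def demo() -> str:
    """Two nodes with unique IPs .2 and .3 sharing the VIP 192.0.2.1."""
    vip = "192.0.2.1"
    adverts = [parse_carp(build_sample("192.0.2.2", 1, 1, 0)),
               parse_carp(build_sample("192.0.2.3", 1, 1, 100))]
    # The VIP is the third address; advertisements come from the unique IPs.
    assert all(a["src"] != vip for a in adverts)
    return elect_master(adverts)

if __name__ == "__main__":
    print("master:", demo())
```
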

