Public or Private IP on the WAN side?

Started by geo, May 13, 2021, 11:11:50 PM

Hello,

A bit about me so you know where I'm coming from :)
I'm a home networking enthusiast and have been running OPNsense for several years now and want to learn about and deploy HA.

I'm just starting my education on this topic and I've looked at the OPNsense CARP documentation and also documentation from the PF project, and I see a disconnect on the WAN side of the firewall cluster.

The OPNsense documentation (see attached image) shows private IP address 172.18.x.x, while documentation from the other project shows public IP addresses 198.51.100.200-202 (see attached image).

I'm trying to rationalize the discrepancy between the documentation. Are 3 real IPs needed or can private IPs be used? In other words, can HA be achieved with one (1) ISP-assigned IP address via DHCP fed to a switch that then splits that into private IPs as shown in the OPNsense documentation?

Thank you for any advice and insight :)

OPNsense doesn't care about the RFC 1918 status of subnets other than optionally blocking them on the WAN side. If you don't need to route packets on the internet, you can use RFC 1918 ranges for them.

CARP traffic is almost certainly private, WAN less so :)

Bart...

Quote: Are 3 real IPs needed or can private IPs be used?

You must use 3 IPs that are valid on the subnet you are trying to communicate with. So if that's a public network, then you need 3 IP addresses in that subnet. If it's on a public network, then you need 3 IPs in that subnet.
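
An added example, not part of the original thread or of OPNsense itself: a small Python check that a two-node CARP WAN plan has three distinct addresses valid on the same subnet, and whether that subnet is RFC 1918 space that the optional WAN-side block mentioned above would affect. The function names, the /24 prefix lengths and the 172.18.0.x host addresses are assumptions made for illustration; the 198.51.100.200-202 addresses are the ones quoted in the first post.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress's is_private flag also covers
# documentation ranges such as 198.51.100.0/24, which would mislead here.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(subnet):
    """True if the IPv4 subnet lies entirely inside an RFC 1918 range."""
    net = ipaddress.IPv4Network(subnet)
    return any(net.subnet_of(r) for r in RFC1918)


def check_carp_wan_plan(subnet, primary, secondary, vip):
    """Return a list of problems with a two-node CARP WAN address plan."""
    net = ipaddress.IPv4Network(subnet)
    addrs = {
        "primary": ipaddress.IPv4Address(primary),
        "secondary": ipaddress.IPv4Address(secondary),
        "vip": ipaddress.IPv4Address(vip),
    }
    problems = []
    # Each node needs its own interface address, plus the shared virtual IP.
    if len(set(addrs.values())) != 3:
        problems.append("the three addresses must be distinct")
    for name, addr in addrs.items():
        if addr not in net:
            problems.append(f"{name} {addr} is not in {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is the network or broadcast address")
    return problems


if __name__ == "__main__":
    # Constructed sample plans: (subnet, primary, secondary, vip).
    plans = [
        ("198.51.100.0/24", "198.51.100.201", "198.51.100.202", "198.51.100.200"),
        ("172.18.0.0/24", "172.18.0.101", "172.18.0.102", "172.18.0.100"),
        ("172.18.0.0/24", "172.18.0.101", "172.18.0.102", "198.51.100.200"),
    ]
    for plan in plans:
        print(plan, "rfc1918:", is_rfc1918(plan[0]),
              "problems:", check_carp_wan_plan(*plan) or "none")
```
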