Topic: Transparent Filtering Bridge + CARP/pfsync for HA? (Read 1650 times)
Joker535
Newbie
Posts: 1
Karma: 0
Transparent Filtering Bridge + CARP/pfsync for HA? « on: July 10, 2019, 03:26:16 pm »
I have been running pfSense 2.3.4 as a Transparent Filtering Bridge with my /24 range of public IPs for a number of years now. The hardware I was using died, so now it's time for an upgrade (and a move to OPNsense).
I am considering running 2 identical pieces of hardware and I have read about CARP/pfsync for HA setups. All the documentation I find seems to refer to using different subnets in private ranges, which I do not have the option to do. All of the servers behind the firewall have static public IP addresses (no DHCP and no NAT), all in the same subnet. I have a separate backend network connected to each server using static private IPs with no internet access (no gateway, no router, no DHCP). I also had a 3rd interface set up in pfSense with a backend IP for management GUI access only.
Is it possible to run 2 Transparent Filtering Bridge setups in an HA (failover) configuration (via CARP/pfsync) in a single subnet?
Each machine would have a dedicated NIC for WAN, a NIC for LAN, a NIC for the private backend (management), and a NIC for pfsync (4 NICs per machine).
Is this feasible and if so is it a reliable setup? I don't want to spend any more time on it if it isn't.
Thanks
AlfonsoI
Newbie
Posts: 1
Karma: 0
Re: Transparent Filtering Bridge + CARP/pfsync for HA? « Reply #1 on: July 10, 2023, 10:13:11 am »
Hello,
I have the same use case. Have you been able to test it?
I think it is not possible to make HA on a bridge. The reason is that CARP works over the IP protocol, which is above the L2 traffic enabled on both (LAN and WAN) bridge interfaces. I guess you can attach a CARP virtual interface to the bridge interface and make HA on the administration bridge interface. But if you have both firewalls connected to your core routers you might start to get some routing loop (spanning tree).
I would love to hear from anyone who has been able to make it work.
BR,
Alfonso