CARP with DHCP on WAN

bubbagump:
This seems to be a pretty common topic, but I haven't found anything definitive. I have a DHCP address on my WAN. I have seen multiple workarounds involving spoofing MACs, using non-routable IPs on the WAN interface for CARP and others. It seems to me that simply doing an ifdown on the WAN interface of the backup firewall is fine for my use case.

The big question is, where should I create my notify logic? Can I do it directly in /usr/local/etc/devd/carp.conf or will that get overwritten with updates? Can I create another file /usr/local/etc/devd/mycustomtweaks.conf that will be safe from updates?

mimugmail:
WAN with DHCP and CARP is no fun.
I usually let a modem do the dial-in and put OPNsense behind it with static IPs.

sorano:
I guess the plan is to have stateful failover on DHCP WAN?

Please update the thread if you find any good solutions as I would like to have the same.
Currently I just keep my WAN interfaces without CARP so when a failover occurs it drops all external sessions but at least I still have Internet access.

bubbagump:

--- Quote from: sorano on January 19, 2021, 05:06:05 pm ---I guess the plan is to have stateful failover on DHCP WAN?

Please update the thread if you find any good solutions as I would like to have the same.
Currently I just keep my WAN interfaces without CARP so when a failover occurs it drops all external sessions but at least I still have Internet access.

--- End quote ---

The plan is if the firewall is BACKUP then 'ifdown vtnet0' which is my WAN interface. If the firewall is MASTER then 'ifup vtnet0'. I don't expect this to be stateful nor do I plan to have CARP VIPs on the WAN interface. I simply want to use the CARP state to trigger an interface change.

It actually sounds like you are doing what I am after. How are you achieving that? For instance, just in basic testing on my BACKUP, if I run 'ifconfig vtnet0 down' all interfaces go down and 'ifconfig vtnet0 up' brings all interfaces up. It's bizarre.

sorano:

--- Quote from: bubbagump on January 19, 2021, 11:01:26 pm ---It actually sounds like you are doing what I am after. How are you achieving that? For instance, just in basic testing on my BACKUP, if I run 'ifconfig vtnet0 down' all interfaces go down and 'ifconfig vtnet0 up' brings all interfaces up. It's bizarre.

--- End quote ---

I run CARP on all interfaces except for WAN. The WAN interface on each firewall is just configured like "normal" with DHCP.

So the gateway for clients is the CARP LAN IP, and outbound traffic goes out via the WAN of the current CARP master.
