No way to get additional PCI nics in there. I have actually the same
case (see http://pfsense.com/~hoba/Bild001.jpg ; the machine at the
bottom). You either can use vlans and do the syncing on a separate vlan
or even do the syncing on LAN. CARP sends out heartbeats at all
interfaces that have a CARP IP, so it's doing heartbeat at WAN and at
LAN. The dedicated SYNC interface is meant for syncing states between
cluster members with pfsync, however, as already mentioned it can be set
to sync on LAN too.

CF-Cards and embedded image will work fine with these boxes (depending
on the board you use of course but I didn't have issues with my C3s so
far).

Holger

-----Original Message-----
From: Eugen Leitl [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 20, 2006 6:00 PM
To: [email protected]
Subject: Re: [pfSense-discussion] 2-node pfSense cluster failover

On Wed, Dec 20, 2006 at 05:11:42PM +0100, Peter Allgeyer wrote:

> Seems that there is the possibility for two PCI-Slots in that case. So
> you're able to use dual- or even quad-port ethernet cards with it.

It's a mechanical fit issue (NICs colliding with motherboard heatsinks?
or drives? I forget). It might also require special PCI slot risers --
unfortunately,

        http://lib.store.yahoo.net/lib/directron/C147600TOP.jpg

no way to check save of actually plugging things in. It certainly didn't
work with the original 3.5" hard drives, which is why I didn't install
them in the last place (by the way, don't run 3.5" hard drives in that
Travla C147 case, since there is not enough airflow -- I'm pretty sure
those PATA Maxtors rated for 24/365 use died one after another due to
overheating). 

At worst I can just configure the firewalls identically, and use VLANs
on the main switch to switch over manually, should one fail.
Not exactly zero downtime, but much better than just relying on soft
firewalls as now.
 
> Besides that, I can't recommend a HA design with two machines in the 
> same case. In case of a failure, you want to change hardware without 
> shutting down both firewalls, don't you? Go out and buy two separate

I can actually pull it out and do brain surgery on the other machine
without disturbing another. In case the node actually dies I will
probably switch to a backup firewall, which will be in place by then.

> machines and you're well prepared.

Sorry, not enough money so far. Hardware keeps dying, not enough
customers.
Apropos of dead hardware, if anyone is looking for a reasonable Level 2
24-port GBit Ethernet switch,
http://www.netgear.com/Products/Switches/SmartSwitches/GS724T.aspx
is a good value for the money. Can handle jumbo frames, has some bugs
fixed in recent firmware, so be sure to upgrade (make sure your model is
a v2). Netgear is usually consumer crap, but this particular switch
seems to be usable (don't blame me if it doesn't work for you, though).

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
