On Fri, Aug 7, 2009 at 5:41 AM, Eugen Leitl<eu...@leitl.org> wrote: > > Is any of you running pfSense in a fully redundant hosting setting? > Care to share your setup? >
I've done numerous designs and deployments like this for customers, it's one of the more common things we do. You might find my DCBSDCon 2009 presentation helpful. It covered network perimeter redundancy in general, and showed a specific design that's modeled after the most common hosting/colo environment redundant setups. http://www.youtube.com/watch?v=aElQidbWUxA I'm scared to watch it personally. :) But others have said it's pretty good. I'd stay away from bridging if you can avoid it. Get a /29 on your WAN side and a separate public block for the inside (if you don't want to NAT), with the provider routing the inside subnet to a CARP VIP on WAN. For the second drop, that depends on how they have it setup. Whether they can offer BGP, or if that even makes sense, is NIC bonding a possibility, what are any other potential routing options, etc... That's mostly provider-dependent. Lot more to it than I have time to cover. (though I'd be glad to work with you one on one with the design and setup, see the link in the footer for commercial support) ESX or ESXi are good choices for testing, and it's not unheard of to run your entire hosting/colo infrastructure including firewalls in ESX or ESXi. It can make sense in some scenarios. I typically don't. --------------------------------------------------------------------- To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
