On Tue, Aug 11, 2009 at 10:22:52AM -0400, Scott Ullrich wrote:
> On Tue, Aug 11, 2009 at 5:03 AM, Veiko Kukk<[email protected]> wrote:
> > I have tried dual WAN and dual machine setup with no success. Dual WAN
> > pfSense only works with single machine. CARP also works, but both CARP
> > *and* dual WAN together do not work!
> > And seems there are very few who care about pfSense failover ability,
> > probably most people use single machine and single WAN setups.
> 
> Bzzzzt.  Nice assumptions there.   I run both CARP and Dual Wan at my
> primary location and it works fine.   If you want help you need to go
> into details of your setup etc.   If it's configured correctly it
> absolutely works great.

Indeed, see prior post by Chris Buechler:

--------------------------------cut----------------------------------

On Fri, Aug 7, 2009 at 5:41 AM, Eugen Leitl<[email protected]> wrote:
>
> Is any of you running pfSense in a fully redundant hosting setting?
> Care to share your setup?
>

I've done numerous designs and deployments like this for customers,
it's one of the more common things we do.

You might find my DCBSDCon 2009 presentation helpful. It covered
network perimeter redundancy in general, and showed a specific design
that's modeled after the most common hosting/colo environment
redundant setups.
http://www.youtube.com/watch?v=aElQidbWUxA
I'm scared to watch it personally.  :)  But others have said it's pretty good.

I'd stay away from bridging if you can avoid it. Get a /29 on your WAN
side and a separate public block for the inside (if you don't want to
NAT), with the provider routing the inside subnet to a CARP VIP on
WAN. For the second drop, that depends on how they have it set up.
Whether they can offer BGP, or if that even makes sense, is NIC
bonding a possibility, what are any other potential routing options,
etc... That's mostly provider-dependent. Lot more to it than I have
time to cover. (though I'd be glad to work with you one on one with
the design and setup, see the link in the footer for commercial
support)

ESX or ESXi are good choices for testing, and it's not unheard of to
run your entire hosting/colo infrastructure including firewalls in ESX
or ESXi. It can make sense in some scenarios. I typically don't.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Commercial support available - https://portal.pfsense.org

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
