Am 5. April 2012 15:07 schrieb Ugo Bellavance <[email protected]>: > On 2012-04-04 17:22, Michael Schuh wrote: > >> >> Ok, but are there drawbacks compared to an alias VIP? >> >> >> In virtual environments you have to take care that the virtual switches >> allow/permit this type of traffic. (p.e. on ESX ) >> the same rule is valid for physical environments, but the most do it out >> of the box. >> > > You mean for CARP? For now I won't be using HA. I'll start with a single > firewall and if the needs ask for it eventually, I'll setup CARP-HA.
Yes. If you like to use CARP, the involved switches have to permit those traffic. Some doesn't in their default configuration. For ESX it means to permit promiscous mode on the switch, that can lead to a security concern so its a good idea to take care on it before you step into such security concerns. http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)#ESX_VDS_Config > >
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
