On 2012-04-05 16:04, Michael Schuh wrote:
> On 5 April 2012 at 15:07, Ugo Bellavance <[email protected]> wrote:
>
>> On 2012-04-04 17:22, Michael Schuh wrote:
>>
>>>> Ok, but are there drawbacks compared to an alias VIP?
>>>
>>> In virtual environments you have to take care that the virtual switches allow/permit this type of traffic (e.g. on ESX). The same rule is valid for physical environments, but most do it out of the box.
>>
>> You mean for CARP? For now I won't be using HA. I'll start with a single firewall and if the needs ask for it eventually, I'll set up CARP-HA.
>
> Yes. If you would like to use CARP, the involved switches have to permit that traffic. Some don't in their default configuration. For ESX it means permitting promiscuous mode on the switch, which can lead to a security concern, so it's a good idea to take care of it before you step into such security concerns.
>
> http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)#ESX_VDS_Config

Ok, so I must keep in mind that if I ever use CARP for HA on VMware, I must allow promiscuous mode in the switch, but my question was more "Why should I use CARP now"... I guess the answer is that if I use plain aliases, I'll have to reconfigure all my VIPs if I ever need to do HA. Right?
