On Wed, Nov 14, 2012 at 1:09 PM, Oliver Schad < [email protected]> wrote:
> Hi, > > pfsense enforces carp constraints which restrict usage of carp to a use > case where the host IP must be in the same network as the virtual IP. > > If I look into the BSD documentation I don't find this restriction. I > read in the OpenBSD documentation (sorry for that, but I don't find it > in the FreeBSD docs): > > "This is the shared IP address assigned to the redundancy group. This > address does not have to be in the same subnet as the IP address on the > physical interface (if present). This address needs to be the same on > all hosts in the group, however." > > Do you agree with this documentation on FreeBSD? If so I wish strongly > to remove the restriction in the pfSense software. > > The only problem on your logic is that Open and Free do not have the same carp version. In FreeBSD 9 you can use a /30 ip as a vip since only one address is required rather than 3 for carp. > We have a use case here, where we want to build up a HA solution with > some /29 IPv4 networks. If you assume that you get many public /29 > networks you don't want to assign for each pfSense a address from all > networks. > > Assume all addresses are in use with 1:1 NAT - you see the problem here? > I have to change many many many stuff here to make it work with a > pfsense HA cluster. Not everywhere is DNS used, find all clients which > uses this IP and port, make change requests to other companies ... > > The easiest way to migrate would be to make the "old" public IP the > virtual IP and give the devices one public IP from only one subnet or > give them no public host IP at all. In the second case the backup > device woudln't have a working default route but that would be okay in > this case. > Change the setup is much more expensive, so no default route is the > better case. > > Regards > Oli > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list > >
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
