On 6/19/2015 12:49 PM, Chuck Mariotti wrote:
In my experience, CARP is not complicated. My standard builds include several internal networks, including VLANs and at least two WAN connections. Additional WAN connections are great for when that default gateway goes down so you can get into your LAN.

Are you asking how to connect into your rack from outside the data center? pfSense does have a CARP feature where a second firewall can be set up for failover. It needs a few things like three WAN IPs for the routers (1, 2, and shared), and three LAN IPs (same), and they recommend a separate interface on each for syncing. If you're asking how to get to the servers, we plug a patch cable into the switch in our rack...

Oddly, I am asking so that I can avoid this exact configuration... CARP seems complicated... I am certain I can set it up, but it would require a lot of training for the other techs to be able to manage in a failure situation. Also, I am trying to avoid this because the intention is that they would also be running as VMs... adding another layer of complication... Combine that with VLANs and it isn't something I want to put in the hands of a simple tech at 4am...
Other than setup of CARP, I don't know what training needs to take place for junior techs. Especially in the event of a failure. When a firewall that is part of a CARP cluster fails, another just starts working. At least that's how it works in my world.
Mark
