We had two routers set up using CARP and unfortunately had some issues
with them, and currently have a temporary router in place. We will be
replacing the temp router with an SG-4860 1U HA; however, that unfortunately has
different interface names, so state sync won't work, and the cutover won't be
transparent.

I understand from
https://doc.pfsense.org/index.php/Redundant_Firewalls_Upgrade_Guide#pfSense_2.2.x_and_pfsync
that using LAGGs can work around this. My question is, is it worth setting up
LAGGs just to allow for future proofing to have the state sync working on
disparate devices if we ever replace a router down the road? Is there any sort
of performance penalty or significant complexity?

Note we have five CARP interfaces, IPv4 and IPv6 for WAN and LAN, and a
LAN IPv4 on a second subnet. So as a first run-through on LAGGs, it seems like
we would need at least four LAGGs for the WAN and LAN interfaces (we can ignore
the secondary LAN for this purpose)? So we would set up four LAGG interfaces
using Failover (?) with one interface each, and have WAN and LAN use those?

Avoiding downtime would be really nice, but I don't think we can get
around that at this point (for this router replacement) since LAGGs apparently
can't be set on an interface that is in use already and thus there would be
downtime to set up LAGGs on our temp router anyway.
--
Steve Yates
ITS, Inc.