Re: [pfSense-discussion] fully redundant dual-WAN setup
You are wrong. It IS working, if you set it up correctly. Please don't make such untrue statements. If you need help in setting it up the support list or forum is for you but don't tell people it is not working just because YOU were not able to get it running.

Holger

2009/8/11 Veiko Kukk <veiko.k...@krediidipank.ee>:
> Eugen Leitl wrote:
>> Can any of you point me to a network diagram illustrating such a setup, with two pfSense instances (how many NICs?) and two or three switches? I presume it needs carp+pfsync in order for it to work.
>
> I have tried dual wan and dual machine setup with no success. Dual wan pfsense only works with single machine. carp also works, but both carp *and* dual wan together does not work! And seems there are very few who care about pfsense failover ability, probably most people use single machine and single wan setups.
>
> --
> Veiko

-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com
Commercial support available - https://portal.pfsense.org

Re: [pfSense-discussion] fully redundant dual-WAN setup
On Tue, Aug 11, 2009 at 5:03 AM, Veiko Kukk <veiko.k...@krediidipank.ee> wrote:
> I have tried dual wan and dual machine setup with no success. Dual wan pfsense only works with single machine. carp also works, but both carp *and* dual wan together does not work! And seems there are very few who care about pfsense failover ability, probably most people use single machine and single wan setups.

Bt. Nice assumptions there. I run both CARP and Dual Wan at my primary location and it works fine. If you want help you need to go into details of your setup etc. If it's configured correctly it absolutely works great.

Scott

Re: [pfSense-discussion] fully redundant dual-WAN setup
On Tue, Aug 11, 2009 at 10:22:52AM -0400, Scott Ullrich wrote:
> On Tue, Aug 11, 2009 at 5:03 AM, Veiko Kukk <veiko.k...@krediidipank.ee> wrote:
>> I have tried dual wan and dual machine setup with no success. Dual wan pfsense only works with single machine. carp also works, but both carp *and* dual wan together does not work! And seems there are very few who care about pfsense failover ability, probably most people use single machine and single wan setups.
>
> Bt. Nice assumptions there. I run both CARP and Dual Wan at my primary location and it works fine. If you want help you need to go into details of your setup etc. If it's configured correctly it absolutely works great.

Indeed, see prior post by Chris Buechler:

cut--

On Fri, Aug 7, 2009 at 5:41 AM, Eugen Leitl <eu...@leitl.org> wrote:
> Is any of you running pfSense in a fully redundant hosting setting? Care to share your setup?

I've done numerous designs and deployments like this for customers, it's one of the more common things we do. You might find my DCBSDCon 2009 presentation helpful. It covered network perimeter redundancy in general, and showed a specific design that's modeled after the most common hosting/colo environment redundant setups.

http://www.youtube.com/watch?v=aElQidbWUxA

I'm scared to watch it personally. :) But others have said it's pretty good.

I'd stay away from bridging if you can avoid it. Get a /29 on your WAN side and a separate public block for the inside (if you don't want to NAT), with the provider routing the inside subnet to a CARP VIP on WAN.

For the second drop, that depends on how they have it setup. Whether they can offer BGP, or if that even makes sense, is NIC bonding a possibility, what are any other potential routing options, etc... That's mostly provider-dependent. Lot more to it than I have time to cover. (though I'd be glad to work with you one on one with the design and setup, see the link in the footer for commercial support)

ESX or ESXi are good choices for testing, and it's not unheard of to run your entire hosting/colo infrastructure including firewalls in ESX or ESXi. It can make sense in some scenarios. I typically don't.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

Re: [pfSense-discussion] fully redundant dual-WAN setup
From: Veiko Kukk [mailto:veiko.k...@krediidipank.ee]
Sent: Tuesday, August 11, 2009 5:04 AM

> I have tried dual wan and dual machine setup with no success. Dual wan pfsense only works with single machine. carp also works, but both carp *and* dual wan together does not work! And seems there are very few who care about pfsense failover ability, probably most people use single machine and single wan setups.
>
> --
> Veiko

If you are in GTA area I can set it up for you almost for free -)))

Eugene.

RE: [pfSense-discussion] fully redundant dual-WAN setup
-----Original Message-----
> Is any of you running pfSense in a fully redundant hosting setting? Care to share your setup?

Your ability to utilize the increased bandwidth is dependent on how the uplink is configured. If you create an etherchannel, then the uplink is a function of layer 2, and it should just work. I personally don't have any transparent pfSense boxes in production - I try to leave the layer 2 stuff to the Cisco infrastructure, and use pfSense for Layer 3.

If you have control of the upstream router, you can use the OpenBGP package for load balancing across multiple peers, which would let you have multiple independent physical links to the upstream switches.

If I may ask - why use transparent mode?

I prototype my configurations in a test environment - I have a little old Cisco router, a P4 rackmount and a few 2924s and 2950s I bought from a local technology recycler. It cost about $250 to get a network testbed set up for the basic stuff, and I've added on as junk has come my way. It's absolutely worth the money.

Best Regards
Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC