Yes, there's downtime to set up LAGs. So this won't help avoid all downtime. Since the SG-2440 just went EOL, I would expect the SG-4860 will also go EOL soon, perhaps next quarter (Q1’18). There is a small performance hit. It's not large - certainly not large enough that I ever cared to measure it. Unless you are pinning the CPU regularly, I expect it would be undetectable. There is a much bigger hit in complexity, since you still can't set up LAGs during initial setup, necessitating a dedicated mgmt interface to avoid certain types of "oops, oh shit" problems. -Adam
On November 28, 2017 5:08:48 PM CST, Steve Yates <st...@teamits.com> wrote: > We had two routers set up using CARP and unfortunately had some issues >with them, and currently have a temporary router in place. We will be >replacing the temp router with a SG-4860 1U HA however that >unfortunately has different interface names, so state sync won't work, >and the cutover won't be transparent. > > I understand from >https://doc.pfsense.org/index.php/Redundant_Firewalls_Upgrade_Guide#pfSense_2.2.x_and_pfsync >that using LAGGs can work around this. My question is, is it worth >setting up LAGGs just to allow for future proofing to have the state >sync working on disparate devices if we ever replace a router down the >road? Is there any sort of performance penalty or significant >complexity? > > Note we have five CARP interfaces, IPv4 and IPv6 for WAN and LAN, and >a LAN IPv4 on a second subnet. So as a first run-through on LAGGs, it >seems like we would need at least four LAGGs for the WAN and LAN >interfaces (we can ignore the secondary LAN for this purpose)? So we >would set up four LAGG interfaces using Failover (?) with one interface >each, and have WAN and LAN use those? > > Avoiding downtime would be really nice, but I don't think we can get >around that at this point (for this router replacement) since LAGGs >apparently can't be set on an interface that is in use already and thus >there would be downtime to set up LAGGs on our temp router anyway. > >-- > >Steve Yates >ITS, Inc. > >_______________________________________________ >pfSense mailing list >https://lists.pfsense.org/mailman/listinfo/list >Support the project with Gold! https://pfsense.org/gold -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
