Re: [pfSense] pfsense + carp + ha
Hello,

No. Hardware as NIC type can be anything. For sure the 2nd node should be able to handle traffic and load.

E.g. one can be physical with VLAN assignments. Other can be virtual with vNIC per assignment. Will work fine. Simply interface name must be same.

And yes, for sure I agree to use identical hardware. But some setups do not need this at all.

Br
Stephan

On 16.11.2016 at 06:14, "Chris L" <c...@viptalk.net> wrote:

> > On Nov 15, 2016, at 1:50 PM, Eero Volotinen <eero.voloti...@iki.fi> wrote:
> >
> > same ports? you mean that same port assignment and nic can be different type?
> >
> > eero
>
> No.
>
> Hardware should be as identical as possible. 100% identical is best. If
> LAN is em0 on one side, it must be em0 on the other.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
On Nov 16, 2016, at 10:30 AM, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>
> I think it is possible to use lagg interface for workaround with interface
> naming?
>
> Eero

If you want to go that route, by all means do so. Completely unnecessary added complexity, IMHO. That should probably be considered an available workaround to get you out of a jam until the real problem can be fixed.

If it’s worth doing HA at all, it’s worth doing right. Use a matching set of HA nodes.
Re: [pfSense] pfsense + carp + ha
I think it is possible to use lagg interface for workaround with interface naming?

Eero

2016-11-16 7:14 GMT+02:00 Chris L <c...@viptalk.net>:

> > On Nov 15, 2016, at 1:50 PM, Eero Volotinen <eero.voloti...@iki.fi> wrote:
> >
> > same ports? you mean that same port assignment and nic can be different type?
> >
> > eero
>
> No.
>
> Hardware should be as identical as possible. 100% identical is best. If
> LAN is em0 on one side, it must be em0 on the other.
Re: [pfSense] pfsense + carp + ha
System/High Availability Sync page shows checkboxes for what to sync.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen
Sent: Wednesday, November 16, 2016 1:05 AM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: Re: [pfSense] pfsense + carp + ha

ok. does it also sync all settings like ipsec and openvpn keys?

Eero
Re: [pfSense] pfsense + carp + ha
ok. does it also sync all settings like ipsec and openvpn keys?

Eero

On 16.11.2016 at 7:14 AM, "Chris L" <c...@viptalk.net> wrote:

> > On Nov 15, 2016, at 1:50 PM, Eero Volotinen <eero.voloti...@iki.fi> wrote:
> >
> > same ports? you mean that same port assignment and nic can be different type?
> >
> > eero
>
> No.
>
> Hardware should be as identical as possible. 100% identical is best. If
> LAN is em0 on one side, it must be em0 on the other.
Re: [pfSense] pfsense + carp + ha
> On Nov 15, 2016, at 1:50 PM, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>
> same ports? you mean that same port assignment and nic can be different type?
>
> eero

No.

Hardware should be as identical as possible. 100% identical is best. If LAN is em0 on one side, it must be em0 on the other.
Re: [pfSense] pfsense + carp + ha
same ports? you mean that same port assignment and nic can be different type?

eero

On 15.11.2016 at 11:36 PM, "Steve Yates" <st...@teamits.com> wrote:

> Any hardware should work fine. They recommend a separate NIC/port
> for the sync traffic since if syncing states there can be a lot of traffic
> (if not syncing state there is probably very little). I don't think it
> needs to be identical hardware but the rules would need to copy over so it
> would need the same ports.
>
> One gotcha that caught me...under "System/High Availability
> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a
> "Remote System Username" field. That field is ignored, and "admin" is
> always used.
>
> --
>
> Steve Yates
> ITS, Inc.
Re: [pfSense] pfsense + carp + ha
Any hardware should work fine. They recommend a separate NIC/port for the sync traffic since if syncing states there can be a lot of traffic (if not syncing state there is probably very little). I don't think it needs to be identical hardware but the rules would need to copy over so it would need the same ports.

One gotcha that caught me...under "System/High Availability Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a "Remote System Username" field. That field is ignored, and "admin" is always used.

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen
Sent: Tuesday, November 15, 2016 2:20 PM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: [pfSense] pfsense + carp + ha

Hi List,

What are requirements for pfsense ha clustering? does any of x86 hardware work with ha? does hardware need to be identical?
Re: [pfSense] pfsense + carp + ha
I use commodity x86 (64-bit) hardware. I tend to make my pairs identical, so I know the backup can handle the load if the primary keels over. There's no hard requirement for that, though.

On Tue, Nov 15, 2016 at 3:19 PM, Eero Volotinen wrote:

> Hi List,
>
> What are requirements for pfsense ha clustering? does any of x86 hardware
> work with ha? does hardware need to be identical?
>
> --
> Eero
[pfSense] pfsense + carp + ha
Hi List,

What are requirements for pfsense ha clustering? does any of x86 hardware work with ha? does hardware need to be identical?

--
Eero
Re: [pfSense] Pfsense CARP
Just to close the case.

I'm using LAGG in all my carp interfaces and I was using LOAD BALANCE algorithm. I changed to FAILOVER and it seems to be working well. It was something on my switch (Dell N Series), but I'll investigate later.

Thanks!

On Tue, Aug 11, 2015 at 10:45 AM, Sergio Mira - Gerencianet ser...@gerencianet.com.br wrote:

> Hello all,
>
> I'm working on a scenario where all my interfaces are using CARP over lagg.
>
> When I disable (on switch) a lagg linked to my primary pf, that interface
> becomes *INIT* on primary node and *MASTER* on my secondary node.
>
> Problem is the other interfaces (such as WAN) do not become *MASTER* on
> secondary node.
>
> I want, in any case of failure, all my carp over lagg interfaces to become
> master on the secondary node. Is this not a typical scenario?
>
> Thanks!

--
Best regards,

Sergio Mira - Infrastructure Analyst
Gerencianet Pagamentos do Brasil
www.gerencianet.com.br
E: ser...@gerencianet.com.br
T: +55.31.3603.0816
M: +55.31.9192.9788
Linux User #497558
Use Linux and be free.
[pfSense] Pfsense CARP
Hello all,

I'm working on a scenario where all my interfaces are using CARP over lagg.

When I disable (on switch) a lagg linked to my primary pf, that interface becomes *INIT* on primary node and *MASTER* on my secondary node.

Problem is the other interfaces (such as WAN) do not become *MASTER* on secondary node.

I want, in any case of failure, all my carp over lagg interfaces to become master on the secondary node. Is this not a typical scenario?

Thanks!

--
Best regards,

Sergio Mira - Infrastructure Analyst
Gerencianet Pagamentos do Brasil
www.gerencianet.com.br
E: ser...@gerencianet.com.br
T: +55.31.3603.0816
M: +55.31.9192.9788
Linux User #497558
Use Linux and be free.
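The condition described in this post, where a node is MASTER for some CARP VIPs and not for others, can be detected from each node's `ifconfig` output. The following is an added example, not part of the original post; the interface names, addresses and VHIDs in the sample text are constructed, and the parser assumes FreeBSD's `carp: <STATE> vhid <N>` status line.

```python
import re

# Constructed `ifconfig` excerpts modelled on the post: the LAN lagg (lagg1)
# was disabled on the switch side of the primary, the WAN lagg (lagg0) was not.
PRIMARY = """\
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255 vhid 1
\tcarp: MASTER vhid 1 advbase 1 advskew 0
lagg1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 vhid 2
\tcarp: INIT vhid 2 advbase 1 advskew 0
"""
SECONDARY = """\
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tcarp: BACKUP vhid 1 advbase 1 advskew 100
lagg1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tcarp: MASTER vhid 2 advbase 1 advskew 100
"""

IFACE_RE = re.compile(r"^(\S+?): flags=")
CARP_RE = re.compile(r"^\s+carp: (\w+) vhid (\d+)")


def carp_states(ifconfig_text):
    """Map (interface, vhid) -> CARP state for every VIP in the output."""
    states, iface = {}, None
    for line in ifconfig_text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            iface = header.group(1)
            continue
        carp = CARP_RE.match(line)
        if carp and iface:
            states[(iface, int(carp.group(2)))] = carp.group(1)
    return states


def is_split(states):
    """True when the node is MASTER for some VIPs but not for all of them."""
    masters = sum(1 for state in states.values() if state == "MASTER")
    return 0 < masters < len(states)


def non_master_vips(states):
    """(interface, vhid) pairs that are not MASTER on this node, sorted."""
    return sorted(key for key, state in states.items() if state != "MASTER")


if __name__ == "__main__":
    for label, text in (("primary", PRIMARY), ("secondary", SECONDARY)):
        states = carp_states(text)
        print(label, "split" if is_split(states) else "consistent",
              non_master_vips(states))
```

Run against both nodes, a split result on either one is the state to alert on.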