Re: [pfSense] pfsense + carp + ha
Yes Am 16.11.2016 19:31 schrieb "Eero Volotinen" : > I think it is possible to use lagg interface for workaround with interface > naming? > > Eero > > 2016-11-16 7:14 GMT+02:00 Chris L : > > > > On Nov 15, 2016, at 1:50 PM, Eero Volotinen > > wrote: > > > > > > same ports? you mean that same port assigment and nic can be different > > type? > > > > > > eero > > > > No. > > > > Hardware should be as identical as possible. 100% identical is best. If > > LAN is em0 on one side, it must be em0 on the other. > > > > > > > > > > 15.11.2016 11.36 ip. "Steve Yates" kirjoitti: > > > > > >>Any hardware should work fine. They recommend a separate > > NIC/port > > >> for the sync traffic since if syncing states there can be a lot of > > traffic > > >> (if not syncing state there is probably very little). I don't think > it > > >> needs to be identical hardware but the rules would need to copy over > so > > it > > >> would need the same ports. > > >> > > >>One gotcha that caught me...under "System/High Availability > > >> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a > > >> "Remote System Username" field. That field is ignored, and "admin" is > > >> always used. > > >> > > >> -- > > >> > > >> Steve Yates > > >> ITS, Inc. > > >> > > >> -Original Message- > > >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > > >> Volotinen > > >> Sent: Tuesday, November 15, 2016 2:20 PM > > >> To: pfSense Support and Discussion Mailing List < > list@lists.pfsense.org > > > > > >> Subject: [pfSense] pfsense + carp + ha > > >> > > >> Hi List, > > >> > > >> What are requirements for pfsense ha clustering? does any of x86 > > hardware > > >> work with ha? does hardware need to be identical? > > >> > > >> ___ > > >> pfSense mailing list > > >> https://lists.pfsense.org/mailman/listinfo/list > > >> Support the project with Gold! https://pfsense.org/gold > > >> > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
Hello No. Hardware as nic type can be anything. For sure the 2nd node should be able to handle traffic and load E.g. one can be physical with vlan assignments. Other can ve virtual with vNiC per assignment. Will work fine. Simply interface name must be same. And yes. For sure I agree to use identical hardware. But some setups does not need this at all. Br Stephan Am 16.11.2016 06:14 schrieb "Chris L" : > > On Nov 15, 2016, at 1:50 PM, Eero Volotinen > wrote: > > > > same ports? you mean that same port assigment and nic can be different > type? > > > > eero > > No. > > Hardware should be as identical as possible. 100% identical is best. If > LAN is em0 on one side, it must be em0 on the other. > > > > > > 15.11.2016 11.36 ip. "Steve Yates" kirjoitti: > > > >>Any hardware should work fine. They recommend a separate > NIC/port > >> for the sync traffic since if syncing states there can be a lot of > traffic > >> (if not syncing state there is probably very little). I don't think it > >> needs to be identical hardware but the rules would need to copy over so > it > >> would need the same ports. > >> > >>One gotcha that caught me...under "System/High Availability > >> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a > >> "Remote System Username" field. That field is ignored, and "admin" is > >> always used. > >> > >> -- > >> > >> Steve Yates > >> ITS, Inc. > >> > >> -Original Message- > >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > >> Volotinen > >> Sent: Tuesday, November 15, 2016 2:20 PM > >> To: pfSense Support and Discussion Mailing List > > >> Subject: [pfSense] pfsense + carp + ha > >> > >> Hi List, > >> > >> What are requirements for pfsense ha clustering? does any of x86 > hardware > >> work with ha? does hardware need to be identical? > >> > >> ___ > >> pfSense mailing list > >> https://lists.pfsense.org/mailman/listinfo/list > >> Support the project with Gold! https://pfsense.org/gold > >> > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
On Nov 16, 2016, at 10:30 AM, Eero Volotinen wrote: > > I think it is possible to use lagg interface for workaround with interface > naming? > > Eero If you want to go that route, by all means do so. Completely unnecessary added complexity, IMHO. That should probably be considered an available workaround to get you out of a jam until the real problem can be fixed. If it’s worth doing HA at all, it’s worth doing right. Use a matching set of HA nodes. > > 2016-11-16 7:14 GMT+02:00 Chris L : > >>> On Nov 15, 2016, at 1:50 PM, Eero Volotinen >> wrote: >>> >>> same ports? you mean that same port assigment and nic can be different >> type? >>> >>> eero >> >> No. >> >> Hardware should be as identical as possible. 100% identical is best. If >> LAN is em0 on one side, it must be em0 on the other. >> >> >>> >>> 15.11.2016 11.36 ip. "Steve Yates" kirjoitti: >>> >>>> Any hardware should work fine. They recommend a separate >> NIC/port >>>> for the sync traffic since if syncing states there can be a lot of >> traffic >>>> (if not syncing state there is probably very little). I don't think it >>>> needs to be identical hardware but the rules would need to copy over so >> it >>>> would need the same ports. >>>> >>>> One gotcha that caught me...under "System/High Availability >>>> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a >>>> "Remote System Username" field. That field is ignored, and "admin" is >>>> always used. >>>> >>>> -- >>>> >>>> Steve Yates >>>> ITS, Inc. >>>> >>>> -Original Message- >>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero >>>> Volotinen >>>> Sent: Tuesday, November 15, 2016 2:20 PM >>>> To: pfSense Support and Discussion Mailing List >> >>>> Subject: [pfSense] pfsense + carp + ha >>>> >>>> Hi List, >>>> >>>> What are requirements for pfsense ha clustering? does any of x86 >> hardware >>>> work with ha? does hardware need to be identical? >>>> >>>> ___ >>>> pfSense mailing list >>>> https://lists.pfsense.org/mailman/listinfo/list >>>> Support the project with Gold! https://pfsense.org/gold >>>> >>> ___ >>> pfSense mailing list >>> https://lists.pfsense.org/mailman/listinfo/list >>> Support the project with Gold! https://pfsense.org/gold >> >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
I think it is possible to use lagg interface for workaround with interface naming? Eero 2016-11-16 7:14 GMT+02:00 Chris L : > > On Nov 15, 2016, at 1:50 PM, Eero Volotinen > wrote: > > > > same ports? you mean that same port assigment and nic can be different > type? > > > > eero > > No. > > Hardware should be as identical as possible. 100% identical is best. If > LAN is em0 on one side, it must be em0 on the other. > > > > > > 15.11.2016 11.36 ip. "Steve Yates" kirjoitti: > > > >>Any hardware should work fine. They recommend a separate > NIC/port > >> for the sync traffic since if syncing states there can be a lot of > traffic > >> (if not syncing state there is probably very little). I don't think it > >> needs to be identical hardware but the rules would need to copy over so > it > >> would need the same ports. > >> > >>One gotcha that caught me...under "System/High Availability > >> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a > >> "Remote System Username" field. That field is ignored, and "admin" is > >> always used. > >> > >> -- > >> > >> Steve Yates > >> ITS, Inc. > >> > >> -Original Message- > >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > >> Volotinen > >> Sent: Tuesday, November 15, 2016 2:20 PM > >> To: pfSense Support and Discussion Mailing List > > >> Subject: [pfSense] pfsense + carp + ha > >> > >> Hi List, > >> > >> What are requirements for pfsense ha clustering? does any of x86 > hardware > >> work with ha? does hardware need to be identical? > >> > >> ___ > >> pfSense mailing list > >> https://lists.pfsense.org/mailman/listinfo/list > >> Support the project with Gold! https://pfsense.org/gold > >> > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
System/High Availability Sync page shows checkboxes for what to sync. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Wednesday, November 16, 2016 1:05 AM To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] pfsense + carp + ha ok. does it also sync all settings like ipsec and openvpn keys? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
ok. does it also sync all settings like ipsec and openvpn keys? Eero 16.11.2016 7.14 ap. "Chris L" kirjoitti: > > On Nov 15, 2016, at 1:50 PM, Eero Volotinen > wrote: > > > > same ports? you mean that same port assigment and nic can be different > type? > > > > eero > > No. > > Hardware should be as identical as possible. 100% identical is best. If > LAN is em0 on one side, it must be em0 on the other. > > > > > > 15.11.2016 11.36 ip. "Steve Yates" kirjoitti: > > > >>Any hardware should work fine. They recommend a separate > NIC/port > >> for the sync traffic since if syncing states there can be a lot of > traffic > >> (if not syncing state there is probably very little). I don't think it > >> needs to be identical hardware but the rules would need to copy over so > it > >> would need the same ports. > >> > >>One gotcha that caught me...under "System/High Availability > >> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a > >> "Remote System Username" field. That field is ignored, and "admin" is > >> always used. > >> > >> -- > >> > >> Steve Yates > >> ITS, Inc. > >> > >> -Original Message- > >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > >> Volotinen > >> Sent: Tuesday, November 15, 2016 2:20 PM > >> To: pfSense Support and Discussion Mailing List > > >> Subject: [pfSense] pfsense + carp + ha > >> > >> Hi List, > >> > >> What are requirements for pfsense ha clustering? does any of x86 > hardware > >> work with ha? does hardware need to be identical? > >> > >> ___ > >> pfSense mailing list > >> https://lists.pfsense.org/mailman/listinfo/list > >> Support the project with Gold! https://pfsense.org/gold > >> > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
> On Nov 15, 2016, at 1:50 PM, Eero Volotinen wrote: > > same ports? you mean that same port assigment and nic can be different type? > > eero No. Hardware should be as identical as possible. 100% identical is best. If LAN is em0 on one side, it must be em0 on the other. > > 15.11.2016 11.36 ip. "Steve Yates" kirjoitti: > >>Any hardware should work fine. They recommend a separate NIC/port >> for the sync traffic since if syncing states there can be a lot of traffic >> (if not syncing state there is probably very little). I don't think it >> needs to be identical hardware but the rules would need to copy over so it >> would need the same ports. >> >>One gotcha that caught me...under "System/High Availability >> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a >> "Remote System Username" field. That field is ignored, and "admin" is >> always used. >> >> -- >> >> Steve Yates >> ITS, Inc. >> >> -Original Message- >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero >> Volotinen >> Sent: Tuesday, November 15, 2016 2:20 PM >> To: pfSense Support and Discussion Mailing List >> Subject: [pfSense] pfsense + carp + ha >> >> Hi List, >> >> What are requirements for pfsense ha clustering? does any of x86 hardware >> work with ha? does hardware need to be identical? >> >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
same ports? you mean that same port assigment and nic can be different type? eero 15.11.2016 11.36 ip. "Steve Yates" kirjoitti: > Any hardware should work fine. They recommend a separate NIC/port > for the sync traffic since if syncing states there can be a lot of traffic > (if not syncing state there is probably very little). I don't think it > needs to be identical hardware but the rules would need to copy over so it > would need the same ports. > > One gotcha that caught me...under "System/High Availability > Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a > "Remote System Username" field. That field is ignored, and "admin" is > always used. > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Tuesday, November 15, 2016 2:20 PM > To: pfSense Support and Discussion Mailing List > Subject: [pfSense] pfsense + carp + ha > > Hi List, > > What are requirements for pfsense ha clustering? does any of x86 hardware > work with ha? does hardware need to be identical? > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
Any hardware should work fine. They recommend a separate NIC/port for the sync traffic since if syncing states there can be a lot of traffic (if not syncing state there is probably very little). I don't think it needs to be identical hardware but the rules would need to copy over so it would need the same ports. One gotcha that caught me...under "System/High Availability Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a "Remote System Username" field. That field is ignored, and "admin" is always used. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Tuesday, November 15, 2016 2:20 PM To: pfSense Support and Discussion Mailing List Subject: [pfSense] pfsense + carp + ha Hi List, What are requirements for pfsense ha clustering? does any of x86 hardware work with ha? does hardware need to be identical? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
I use commodity x86 (64-bit) hardware. I tend to make my pairs identical, so I know the backup can handle the load if the primary keels over. There's no hard requirement for that, though. On Tue, Nov 15, 2016 at 3:19 PM, Eero Volotinen wrote: > Hi List, > > What are requirements for pfsense ha clustering? does any of x86 hardware > work with ha? does hardware need to be identical? > > -- > Eero > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] pfsense + carp + ha
Hi List, What are requirements for pfsense ha clustering? does any of x86 hardware work with ha? does hardware need to be identical? -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold