On Thu, Dec 17, 2009 at 4:09 PM, Trevor Benson <[email protected]> wrote: > On Dec 16, 2009, at 5:41 PM, Chris Buechler wrote: > >> On Wed, Dec 16, 2009 at 7:14 PM, Trevor Benson <[email protected]> >> wrote: >>> I noticed that when creating a CARP virtual that it requires it to be >>> attached to an interface with the same network. However when creating a >>> proxy arp, it does not have this requirement. Wouldn't it be logical to >>> allow them to have the same validation check? >> >> CARP cannot have VIPs off-subnet, proxy ARP can and in some >> circumstances is necessary. > > I just jumped onto one of our OpenBSD 4.2 systems that has not been replaced > by pfSense, and configured "off-subnet" CARP addresses without any issue. To > keep from failing over the pair i added it to both interfaces, found master > on A with a slight skew on B, destroyed the CARP interface on A (as not to > preempt all interfaces onto B), and then B becomes master without a hitch. Is > this a limitation of Carp on FreeBSD as we have been using these > configurations with OpenBSD since v4.2 (well over a year if not approaching > 2). >
It was a FreeBSD issue, something we need to look at again in 8. >> They should be routing the /27 to a CARP IP on your /29. Then you use >> Other type VIPs for the /27. > > This works until failure occurs, and then you have the failover unit missing > the configuration for the /27 allocation and > have to manually configure the VIPs on the failover system. No, as I said, not proxy ARP, Other type VIPs. That will seamlessly failover, you don't need ARP when it's routed to one of your CARP IPs. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
