[pfSense] Replacing a Linux router with pfSense
David Brown
david at westcontrol.com
Wed Sep 21 09:55:04 EDT 2011
On 21/09/2011 14:05, Chris Buechler wrote:
> On Wed, Sep 21, 2011 at 7:55 AM, Tonix (Antonio Nati)
> <tonix at interazioni.it> wrote:
>>
>> I think you should examine how CARP works on your routers and how it works
>> in pfsense.
>>
>> In pre 2.0 version, PFsense CARP has a (fixed) different zone for each
>> interface, so if an interface goes down it switches only that interface, and
>> traffic bind to that interface becomes unreachable.
>> It is useful only if a machine goes down, not if an interface goes down.
>>
>> If you actually switch all interfaces when one goes down, you can't do on
>> pfsense.
>
> That's not true and never been true, the behavior of all versions is
> to switch over all CARP IPs if any NIC on the primary can no longer
> communicate with the secondary. You have something wrong on your
> setup, or have intentionally disabled that via a manual hack, if
> that's what yours does.
Just to confirm what I'm looking for here, I would want to switch over
to the secondary if any of the NICs on the main system failed, or if the
main system itself failed. But it should not switch if interfaces such
as the VPNs fail.
Realistically, it is probably the router computer itself (disk, cpu fan,
power supply) that will fail rather than the NICs.
More information about the List
mailing list