[pfSense] Replacing a Linux router with pfSense
david at westcontrol.com
Wed Sep 21 10:06:43 EDT 2011
On 21/09/2011 14:28, Jim Pingle wrote:
>> On Wed, Sep 21, 2011 at 5:13 AM, David Brown <david at westcontrol.com> wrote:
>>> First, on the Linux system I have two hard disks, each with two partitions.
>>> The first partition on each is set as a software RAID1 and contains the OS,
>>> configuration, data, etc. The second partition on each is separate and
>>> contains a squid cache. Thus the system will boot and run fine even if one
>>> disk fails (losing half the squid cache will not be harmful). Can I do
>>> something similar with pfSense? I know a great deal about Linux software
>>> raid, but nothing about FreeBSD.
>> FreeBSD does soft RAID, but I can't tell you the state of it in
>> pfsense. Somebody here will chime in.
> gmirror works great. I've been using it for years on pfSense with much
> success. There is even a gmirror monitor widget for the dashboard.
OK, I'll have a look at that. If I get a redundant setup with CARP
working then there is not the same need for raid - the whole router can
be switched out. But it is still nice to have, and makes recovery and
rebuilding much easier.
> On 9/21/2011 8:10 AM, Seth Mos wrote:
>> On 21-9-2011 13:26, David Burgess wrote:
>>>> I am seriously considering getting two pfSense boxes with CARP failover.
>>>> Does this require identical hardware on the two systems (or perhaps
>>>> identical network card setups)?
>>> I don't think this is a requirement for CARP.
>> This is not a requirement, however, if the master is gigabit make sure
>> the backup has gigabit too.
> The hardware doesn't have to be the same, but the number of assigned
> NICs and the order in which they were assigned must be the same.
OK. My current hardware has 2 motherboard GBit NICs and a 4x100Mb card
- when I buy a new system, it will probably be a little newer and be all
GBit NICs (and faster processor, etc.). This would then be the primary
system. It is absolutely fine that a switchover to the secondary system
means a loss in speed of the links, as long as the links all work!
I am (as yet) very unfamiliar with FreeBSD. But as far as I can see,
the names of the interfaces are dependent on the drivers, unlike Linux
(which typically calls them eth0, eth1, etc., regardless of the
drivers). In Linux, you can use the "udev" rules to set specific names
for the devices based on the MAC address of the port - that keeps them
consistent even if you swap cards around to different ports. Can I do
something similar with pfSense so that the NIC names are consistent even
though the two routers have different hardware?
Incidentally, can I assume that FreeBSD will support the NICs on the
motherboard and add-in cards, without having to be too specific about
the types? I am not trying to use anything too esoteric, such as 10 GB
cards or tcp offload engines - just a small Dell or IBM rack server with
a four-port Ethernet card.
>>>> How much information is passed over the
>>>> link between the boxes - does it cover all setup, configuration,
>>>> rules, dhcp
>>>> leases, etc.? How often does this synchronisation take place?
>>> Not sure.
>> It synchronizes state for traffic failover, the rest is toggle boxes on
>> the virtual IP settings page. Leases are not transferred, static
>> mappings are, you can do DHCP on both nodes with failover, see the DHCP
>> settings page for that.
> If you have DHCP sync checked and failover configured, the lease
> databases should be synchronizing IIRC, it's just done by DHCP itself
> and not by the XMLRPC sync process.
Thanks for your help,
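The constraint Jim Pingle states above (the number of assigned NICs and the order in which they were assigned must match on both CARP nodes, even though the underlying device names such as em0 or fxp0 may differ) can be checked before the secondary is put into service. The following is an added example, not code from this thread or from the pfSense project: it parses two constructed, trimmed config.xml fragments in the shape pfSense uses for its <interfaces> section (one child element per assigned interface, each carrying an <if> with the FreeBSD device name) and reports assignment-order problems separately from harmless device-name differences. The element layout of real exports is assumed to contain more fields than shown.

```python
import xml.etree.ElementTree as ET

# Constructed sample: primary node with two onboard GBit NICs and one port
# of an add-in card, assigned as WAN, LAN and a third "opt1" interface.
PRIMARY_XML = """<pfsense>
  <interfaces>
    <wan><if>em0</if><descr>WAN</descr></wan>
    <lan><if>em1</if><descr>LAN</descr></lan>
    <opt1><if>em2</if><descr>DMZ</descr></opt1>
  </interfaces>
</pfsense>"""

# Constructed sample: secondary node with a different add-in card (fxp driver),
# but the same assignments in the same order. This is the acceptable case.
SECONDARY_XML = """<pfsense>
  <interfaces>
    <wan><if>em0</if><descr>WAN</descr></wan>
    <lan><if>em1</if><descr>LAN</descr></lan>
    <opt1><if>fxp0</if><descr>DMZ</descr></opt1>
  </interfaces>
</pfsense>"""

# Constructed sample: secondary node where LAN and opt1 were assigned in the
# other order, so rules synced for "opt1" would land on the wrong network.
MISMATCH_XML = """<pfsense>
  <interfaces>
    <wan><if>em0</if><descr>WAN</descr></wan>
    <opt1><if>em2</if><descr>DMZ</descr></opt1>
    <lan><if>em1</if><descr>LAN</descr></lan>
  </interfaces>
</pfsense>"""


def assigned_interfaces(config_xml):
    """Return [(assignment_name, device_name), ...] in config order."""
    root = ET.fromstring(config_xml)
    ifaces = root.find("interfaces")
    if ifaces is None:
        raise ValueError("no <interfaces> section found")
    return [(child.tag, child.findtext("if", default="")) for child in ifaces]


def compare_assignments(primary_xml, secondary_xml):
    """Check that both nodes assign the same interfaces in the same order.

    Returns (problems, device_differences): problems is a list of messages
    describing count or order mismatches (anything here blocks failover);
    device_differences lists (assignment, primary_dev, secondary_dev) tuples
    where only the physical device name differs, which is allowed.
    """
    primary = assigned_interfaces(primary_xml)
    secondary = assigned_interfaces(secondary_xml)
    problems = []

    if len(primary) != len(secondary):
        problems.append(
            f"assigned interface count differs: {len(primary)} vs {len(secondary)}"
        )

    # Walk the assignments pairwise; the logical names must line up position by position.
    for position, ((p_name, _), (s_name, _)) in enumerate(zip(primary, secondary), 1):
        if p_name != s_name:
            problems.append(
                f"position {position}: primary assigns {p_name}, secondary assigns {s_name}"
            )

    device_differences = [
        (p_name, p_dev, s_dev)
        for (p_name, p_dev), (s_name, s_dev) in zip(primary, secondary)
        if p_name == s_name and p_dev != s_dev
    ]
    return problems, device_differences


if __name__ == "__main__":
    for label, secondary in (("secondary", SECONDARY_XML), ("mismatch", MISMATCH_XML)):
        problems, diffs = compare_assignments(PRIMARY_XML, secondary)
        print(f"{label}: {'OK' if not problems else 'PROBLEMS'}")
        for message in problems:
            print("  -", message)
        for name, p_dev, s_dev in diffs:
            print(f"  note: {name} is {p_dev} on primary, {s_dev} on secondary (allowed)")
```

Run against the two constructed secondaries, the first passes with a note that opt1 sits on a different driver, while the second is flagged at positions 2 and 3 because lan and opt1 were assigned in swapped order.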