[pfSense] HA and ifstated

Ermal Luçi eri at pfsense.org
Tue May 15 05:34:26 EDT 2012


On Mon, May 14, 2012 at 6:45 PM, Michael Schuh <michael.schuh at gmail.com> wrote:
>
>
> 2012/5/14 Ermal Luçi <eri at pfsense.org>
>>
>> On Mon, May 14, 2012 at 9:14 AM, Vick Khera <vivek at khera.org> wrote:
>> > Isn't this automatic with CARP?
>> >
>>
>> Normally in pfSense yes.
>> The guys coming from cmd line still want to do things their way even
>> though the system they installed is suposed to solve for them the
>> headaches :)
>>
>> > On Mon, Apr 30, 2012 at 4:35 AM, Pedro Serotto <pedro.serotto at yahoo.es>
>> > wrote:
>> >> With ifstated I can catch the fault and demote the carp interface to
>> >> guarantee the service continuity.
>> >>
>> >> How can I do that in pfsense ?
>> > _______________________________________________
>> > List mailing list
>> > List at lists.pfsense.org
>> > http://lists.pfsense.org/mailman/listinfo/list
>> _______________________________________________
>> List mailing list
>> List at lists.pfsense.org
>> http://lists.pfsense.org/mailman/listinfo/list
>
>
> http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)
>
> and
>
> http://www.google.com/search?q=how+carp+works
>
> from first hit:
> ...
> By combining the features of CARP and pfsync, a group of two or more
> firewalls can be used to create a highly-available, fully redundant firewall
> cluster.CARP:Handles the automatic failover of one firewall to
> another.pfsync:Synchronizes the state table amongst all the firewalls. In
> the event of a failover, traffic can flow uninterrupted through the new
> master firewall.
> ...
>
>
> ifstated comes into the game if you have to manage application reloads/up's
> and downs
> based at the state of a NIC/Interface...
>
> AFAIK The IP-Take over on the NIC itself is managed automagically by carp.
> Its built-in funtionality of that protocol.
> Applications like mysql, lighttpd, apache, cyrus, just to name few, need to
> know that there is now another IP-Address
> where they have to listen too...so you can tell them about with ifstated.
> it are mostly a bit more complex jobs to do triggerefd by ifstated, this is
> just a simple example
>

That is why you people use pfSense to not have to hack around, no?!

> hth
>
> greetings
>
> m.
>
> --
> = = =  http://michael-schuh.net/  = = =
> Projektmanagement - IT-Consulting - Professional Services IT
> Michael Schuh
> Postfach 10 21 52
> 66021 Saarbrücken
> phone: 0681/8319664
> mobil:  0175/5616453
> @: m i c h a e l . s c h u h @ g m a i l . c o m
>
> = = =  Ust-ID:  DE251072318  = = =
>
> _______________________________________________
> List mailing list
> List at lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>


More information about the List mailing list