Author Topic: CARP on WAN with redundant uplinks  (Read 211 times)

mrbnet
CARP on WAN with redundant uplinks
« on: October 02, 2017, 09:49:22 am »
In previous setups I ran the ISP connections directly into the pfSense boxes. This time I needed to be able to plug in another set of FWs, so I added some switches WAN side.

I realized the C and D connections are physically separate, which caused some unexpected behavior with failover.

What is the proper way to set up and maintain full redundancy WAN side without creating loops? I could stack the switches or trunk.

Derelict
Re: CARP on WAN with redundant uplinks
« Reply #1 on: October 02, 2017, 12:19:03 pm »
In that configuration you are relying on the ISP to forward the CARP advertisements. That might not be the best idea.

Can the link to the ISP be LACP?
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESS™

mrbnet
Re: CARP on WAN with redundant uplinks
« Reply #2 on: October 02, 2017, 12:32:53 pm »
The ISP wasn't forwarding CARP advertisements, which is what was causing the issues with failover since the networks were split. Trunking the edge switches took care of that, but now I believe we're relying on STP, which I'm not sure is a good idea. The ISP should be able to accommodate whatever config we need.
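
An added example, not part of the original thread or of pfSense: a Python check for the failure discussed above, where CARP advertisements do not cross between the C and D sides and each firewall ends up as master. It decodes the 36-byte CARPv2 header (IP protocol 112) and reports, per VHID, which capture point is missing which advertiser. The capture-point names, addresses and packets are constructed sample data, and `find_split` and `_adv` are hypothetical helper names.

```python
import struct
from collections import defaultdict

CARP_VERSION = 2
CARP_ADVERTISEMENT = 0x01  # the only CARP message type

def parse_carp(payload: bytes) -> dict:
    """Decode the fixed 36-byte CARPv2 header carried in IP protocol 112."""
    if len(payload) < 36:
        raise ValueError("truncated CARP header")
    vt, vhid, advskew, _authlen, _pad, advbase, _cksum = struct.unpack(
        "!BBBBBBH", payload[:8])
    if vt >> 4 != CARP_VERSION or vt & 0x0F != CARP_ADVERTISEMENT:
        raise ValueError("not a CARPv2 advertisement")
    return {"vhid": vhid, "advskew": advskew, "advbase": advbase}

def find_split(observations):
    """observations: (capture_point, src_ip, payload) tuples from one window.

    Only the CARP master advertises, so two sources for one VHID means two
    masters. The result maps each such VHID to the capture points that did
    not see every advertiser, i.e. where advertisements are being lost.
    An empty mapping for a VHID means both masters are visible everywhere.
    """
    seen = defaultdict(lambda: defaultdict(set))  # vhid -> point -> {src}
    for point, src, payload in observations:
        seen[parse_carp(payload)["vhid"]][point].add(src)
    report = {}
    for vhid, per_point in seen.items():
        masters = set().union(*per_point.values())
        if len(masters) > 1:
            report[vhid] = {p: sorted(masters - srcs)
                            for p, srcs in per_point.items() if masters - srcs}
    return report

def _adv(vhid, advskew):
    """Build a constructed advertisement (checksum, counter, HMAC zeroed)."""
    return struct.pack("!BBBBBBH", 0x21, vhid, advskew, 7, 0, 1, 0) + bytes(28)

# Constructed sample: side C only hears firewall 1, side D only firewall 2.
SPLIT = [("C", "198.51.100.2", _adv(1, 0)),
         ("D", "198.51.100.3", _adv(1, 100))]
# Constructed sample after the two sides share one layer-2 domain.
JOINED = [("C", "198.51.100.2", _adv(1, 0)),
          ("D", "198.51.100.2", _adv(1, 0))]

if __name__ == "__main__":
    print(find_split(SPLIT))
    print(find_split(JOINED))
```

Two advertisers can also appear briefly during a normal failover, so the observation window should span several advertisement intervals.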

Derelict
Re: CARP on WAN with redundant uplinks
« Reply #3 on: October 02, 2017, 02:21:17 pm »
This is my "perfect world" diagram...

If that ISP link is a loop with RSTP it should be reasonable as long as you ensure the ISP is the root bridge and everything is sane there. You won't get the aggregation while both links are up, however. And some providers charge you for two circuits.
« Last Edit: October 02, 2017, 02:25:33 pm by Derelict »

mrbnet
Re: CARP on WAN with redundant uplinks
« Reply #4 on: October 06, 2017, 09:29:42 am »
The LAGG connections are working great! I believe there is some room to improve the responsiveness of CARP failovers. I'm running a 3750 stack. Do you know if portfast should be on the port channel or members of the channel?

Derelict
Re: CARP on WAN with redundant uplinks
« Reply #5 on: October 06, 2017, 02:28:08 pm »
Nothing different should apply. That is all dependent on your STP configuration, but it would generally be safe to have portfast enabled, I would think.