Netgate SG-1000 microFirewall

Author Topic: Secondary node as CARP master  (Read 113 times)

0 Members and 1 Guest are viewing this topic.

Offline ettorsson

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Secondary node as CARP master
« on: January 21, 2018, 02:42:36 am »
I have 2 Pfsense machines in a cluster.
What I have read is that they can not have them as active-active but must be in active-passive. However, it is possible to have one node active for some networks and have the other as backup and vice versa.

For example

Node 1
Network 2 master
Network 3 backup

Node 2
Network 2 backup
Network 3 master

This will result in both nodes having CARP addresses active but not the same as the other node.

Offline IcePick

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Secondary node as CARP master
« Reply #1 on: January 24, 2018, 08:04:20 am »
You can manipulate the skew to achieve this,
pretty sure you will have to disable Virtual IPs from the HA config sync, other wise the sync will make sure the secondary is larger then the primary.

also: I am not advocating you do this, I have never tested this sort of config. Not sure if any strangeness might occur.