[talk] Who's built redundant pfsense setups?

Sevan / Venture37 venture37 at gmail.com
Thu Dec 4 14:34:05 EST 2014

> On 4 Dec 2014, at 15:22, Justin Sherrill <justin at shiningsilence.com> wrote:
> think/hope I can figure that out, but I remember ike or someone saying that when you had multiple switches, you needed to make sure they... could share an ARP table?

I have a vague memory of what you're referring to, but it might be easier if you describe the scenario you're deploying to & how things are currently configured/connected.
Assuming a 2 node firewall setup, there are 3 MAC addresses at play per broadcast domain: 1 for the virtual CARP interface, which is shared across the nodes, & a MAC address per physical interface.
The key being the CARP interface (you could have the physical interfaces just marked up without an IP address). As long as the routers per WAN connection can resolve the MAC address of the CARP interface (ARP), which should be unique per WAN connection, things should just work without having to do anything fancy at layer 2. So I'd say buy a switch which actually supports STP/RSTP (not "loop protection" as per budget HP gear) & allows the configuration & VLANs. That should be sufficient.
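As an added illustration of the "3 MACs per broadcast domain" point above (example code, not from the thread or from pfSense): CARP derives its virtual MAC from the VHID (00:00:5e:00:01:<vhid>), so the VHID has to be unique per broadcast domain or two CARP groups end up answering ARP with the same MAC. The script below builds that MAC, flags duplicate VHIDs within one domain, and checks a constructed `arp -an` listing from an upstream router to see whether each VIP resolved to the CARP MAC or to one node's physical NIC. The VIP inventory, interface names and ARP lines are all made up for the example.

```python
"""CARP virtual MAC sanity checks (added example, not from the original post).

Assumes OpenBSD/FreeBSD/pfSense CARP behaviour: the shared virtual MAC is
00:00:5e:00:01:<vhid>, so a VHID reused inside one broadcast domain means two
groups share a MAC. All inventory and ARP data below is constructed.
"""
from collections import defaultdict


def carp_mac(vhid: int) -> str:
    """Virtual MAC that a CARP group with this VHID answers ARP with."""
    if not 1 <= vhid <= 255:
        raise ValueError("VHID must be in 1..255")
    return f"00:00:5e:00:01:{vhid:02x}"


# Constructed inventory: (broadcast domain, vhid, shared VIP).
# The two "lan" entries reuse VHID 3, which is the mistake we want to catch.
CARP_VIPS = [
    ("wan1", 1, "203.0.113.10"),
    ("wan2", 2, "198.51.100.10"),
    ("lan", 3, "192.168.1.1"),
    ("lan", 3, "192.168.1.2"),
]


def find_vhid_conflicts(vips):
    """Return {(domain, vhid): [vips...]} for VHIDs reused in one domain."""
    seen = defaultdict(list)
    for domain, vhid, vip in vips:
        seen[(domain, vhid)].append(vip)
    return {key: addrs for key, addrs in seen.items() if len(addrs) > 1}


# Constructed `arp -an` output as an upstream FreeBSD-style router would print it.
# 203.0.113.10 resolved to the CARP MAC (good); 198.51.100.10 resolved to a
# physical NIC MAC, i.e. a node's own interface answered rather than CARP.
ARP_OUTPUT = """\
? (203.0.113.10) at 00:00:5e:00:01:01 on em0 expires in 1150 seconds [ethernet]
? (203.0.113.1) at 00:0c:29:ab:cd:ef on em0 permanent [ethernet]
? (198.51.100.10) at 00:0c:29:12:34:56 on em1 expires in 900 seconds [ethernet]
"""


def parse_arp(text: str) -> dict:
    """Map IP -> MAC from `arp -an` style lines: '? (ip) at mac on ifname ...'."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] != "at":
            continue
        ip = parts[1].strip("()")
        table[ip] = parts[3].lower()
    return table


def vip_resolves_to_carp(arp_table: dict, vip: str, vhid: int) -> bool:
    """True if the router's ARP entry for the VIP is the CARP virtual MAC."""
    return arp_table.get(vip) == carp_mac(vhid)


if __name__ == "__main__":
    for key, addrs in find_vhid_conflicts(CARP_VIPS).items():
        print(f"VHID {key[1]} reused in {key[0]}: {addrs} share {carp_mac(key[1])}")
    arp = parse_arp(ARP_OUTPUT)
    for domain, vhid, vip in CARP_VIPS:
        if vip in arp:
            status = "CARP MAC" if vip_resolves_to_carp(arp, vip, vhid) else "NOT CARP MAC"
            print(f"{domain} {vip}: {arp[vip]} ({status})")
```

Run it on real data by replacing `ARP_OUTPUT` with the output of `arp -an` taken on the upstream router: a VIP that shows a vendor MAC instead of 00:00:5e:00:01:xx means that router will lose the VIP when the node owning that NIC fails, which is exactly the case CARP is meant to cover.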

