Bug #3042

closed

CARP interface handling

Added by Jupiter Vuorikoski almost 12 years ago. Updated about 11 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 06/13/2013
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

Currently pfSense handles CARP interfaces as Layer 3 interfaces with a static IP address on the created interface. However, an implementation with CARP virtual MAC addressing on the CARP interface (as is often done with plain pf and CARP) and then using "assign network ports" like on any other interface (VLAN, physical, etc.) would allow for a much, much more flexible configuration with, e.g., multi-firewall single-link WAN with DHCP addressing failover etc. for equipment redundancy in locations where the link is considered stable but the equipment not so much.

I do not consider this a feature request, since testing on 2.1-rc0 proved this configurable but dysfunctional due to the missing virtual MAC with a DHCP client interface assigned on the CARP interface. pfSense also didn't fail the unnumbered CARP interface over to the secondary device, for reasons unknown, when tested. Conjecturing this to be related to "missing" IP addressing on the CARP interface and some bug there with failover and advertisements on DHCP interfaces. (The failover shouldn't need addressing on the CARP interface anyway.) I would imagine this would require some changes in interface configuration on bootup as well.

-Jupiter Vuorikoski

Actions #1

Updated by Jim Pingle almost 12 years ago

  • Target version deleted (2.1)
  • Affected Version changed from 2.1 to All

It's too late for more 2.1 features, removing 2.1 target.

Actions #2

Updated by Jim Pingle almost 12 years ago

Also newcarp in FreeBSD 10.x does away with the interface notion entirely so I'm not sure it's a viable request for the future either. Will leave it open for discussion.

Actions #3

Updated by Jupiter Vuorikoski almost 12 years ago

This seems like bad news. pfSense with the current CARP interface-based failover seemed like an excellent way to do the aforementioned DHCP-client redundancy. I would imagine I am not the only one who could use such a feature. This would be especially useful with KVM OpenStack firewalls. Perhaps a different kind of L2 redundancy mechanism can be implemented in the future?

Actions #4

Updated by Chris Buechler about 11 years ago

  • Status changed from New to Closed

CARP in 10 does indeed change this.
