Hi,

Warning: I'm a complete pfSense novice.
I'd like some general information regarding fail-over.

Network layout:

           LAN1
            |
net1 --- pfSense1 --- net2
 |                     |
net1 --- pfSense2 --- net2
            |
           LAN2

LAN1: 10.0.0.0/16
LAN2: 10.1.0.0/16
net1: 172.16.0.0/24
net2: 172.16.1.0/24
pfSense1: 3 NICs connected to LAN1, net1 and net2
pfSense2: 3 NICs connected to LAN2, net1 and net2

Assumption:
pfSense1,2 route LAN1 and LAN2 traffic via net1 by default and use net2 only as 
a backup in case net1 fails. If net1 comes back on-line, packets should be 
re-routed through net1.

Connection example:
HTTP or FTP data download from client in LAN1 (10.0.0.1) and server in LAN2 
(10.1.0.1) through net1 (default route LAN1->LAN2).
While HTTP/FTP download in progress, net1 link fails.

I suppose pfSense1 and pfSense2 can be configured to re-route packets 
automatically in case a link (net1 or net2) fails. However, changing the route 
through a different physical interface should break active connections.

I don't think there's any way of "preserving" a connection in this scenario and 
"moving it transparently" from, say, net1 to net2, so that the user application 
(FTP/HTTP) isn't interrupted. Am I right?
I.e., the connection must always be re-initiated/resumed by the client after a
transient network failure and re-routing.

=============================================

Other network layout:

LAN1 --------------- LAN1
 |                    |  
(CARP) pfSense1 --- pfSense2 (pfSync)
 |                    |
net1                 net2
 |                    |
(CARP) pfSense3 --- pfSense4 (pfSync)
 |                    |
LAN2 --------------- LAN2

pfSync: 192.168.100.0/24 (crossover cable)
LAN1, LAN2, net1, net2: same as in previous example

Assumptions:
pfSense1 and pfSense3 are "masters" and route traffic through net1 (default 
route).
pfSense2 and pfSense4 are "slaves" and route traffic through net2.
If net1 fails then all traffic from/to LAN1/LAN2 is sent through net2.

Connection example:
Same as in previous example.
HTTP or FTP data download from client in LAN1 (10.0.0.1) and server in LAN2 
(10.1.0.1) through masters pfSense1 & pfSense3 via net1.
While HTTP/FTP download in progress, net1 link fails and traffic should flow 
through slaves pfSense2 & pfSense4 via net2.

Will the HTTP/FTP client in LAN1 be able to continue downloading the file in 
LAN2 as if there weren't any network disruption?

Thanks,

Vieri