Dear OpenBSD community, I'll deploy a new redundant firewalls setup in few weeks (waiting for the hardware...). It'll be composed of two 1U supermicro servers and few additional 10GbE nics.
The idea was to use CARP + pfsync as the fail-over mechanism. I already deployed that few time in the past, and we're pretty happy with this setup; maintenance is easy and the setup is rock solid. The only disadvantage IMHO is that there is no way to achieve load balancing between the members of the CARP cluster, one machine is always working while the other is idle. I could define some VLANs on top of CARP interfaces to be MASTER on routerA and some on routerB but still it's not real load balancing. So before making the same setup again I wanted to have your input about that, maybe I'm not aware of other ways to achieve HA/load-balancing using OpenBSD ? Thanks for your help ! Romain Aviolat Senior System Administrator - R&D and ops Infrastructure Kudelski Security - Kudelski Group rte de Genève 22-24, 1033 Cheseaux, SWITZERLAND +41 21 732 03 79
