Am 7. April 2012 02:14 schrieb Ugo Bellavance <u...@lubik.ca>: > On 2012-04-05 16:04, Michael Schuh wrote: > >> >> >> Am 5. April 2012 15:07 schrieb Ugo Bellavance >> <u...@lubik.ca >> <mailto:u...@lubik.ca>>: >> >> >> On 2012-04-04 17:22, Michael Schuh wrote: >> >> >> Ok, but are there drawbacks compared to an alias VIP? >> >> >> In virtual environments you have to take care that the virtual >> switches >> allow/permit this type of traffic. (p.e. on ESX ) >> the same rule is valid for physical environments, but the most >> do it out >> of the box. >> >> >> You mean for CARP? For now I won't be using HA. I'll start with a >> single firewall and if the needs ask for it eventually, I'll setup >> CARP-HA. >> >> >> Yes. If you like to use CARP, the involved switches have to permit those >> traffic. >> Some doesn't in their default configuration. For ESX it means to permit >> promiscous mode on the switch, >> that can lead to a security concern so its a good idea to take care on >> it before you step into such security concerns. >> >> http://doc.pfsense.org/index.**php/Configuring_pfSense_** >> Hardware_Redundancy_(CARP)#**ESX_VDS_Config<http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)#ESX_VDS_Config> >> > > Ok, so I must keep in mind that if I ever use CARP for HA on VMWare, I > must allo promiscuous mode in the switch, but my question was more "Why > should I use CARP now"... I guess the answer is that if I use plain > aliases, I'll have to reconfigure all my VIPs if I ever need to do HA. > Right? > > > ok. based on those limited informatsions i have and my personal impression: if you don't know it, do not use it. :8~)
and yes if you use CARP your IP-Setup may be slightly different. some gerneral rules: KISS - Keep it super simple (simple as possible) first make it work, than make it beautiful. HTH -- = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = =
_______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
