0

Context: My company is on the verge of a major network improvement: we will expand our network to remote offices via radio bridges. The firewall will be handling:

  • 3 mission-critical networks
  • 3 non-mission-critical networks
  • 3 mission-critical VoIP trunks
  • 4 WAN links

The firewall solution will be pfSense.

Question: To achieve high availability, I can't decide whether pfSense CARP ( https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP) ) or virtualization (using hypervisor HA with multiple hosts, live migration, etc.) is better. Which solution will be more solid and scalable? (I read CARP has some limitations.)

Consider that we have pressing budget constraints, so the solution must minimize costs.

Thank you in advance for your kind replies.

eldblz
  • How is "virtualization" bringing you HA? – MichelZ Mar 26 '14 at 05:48
  • Yeah. Simple logic will tell that this is not HA in the HA sense (restarting pfSense on another machine - may fail, and will take more time than a failover). – TomTom Mar 26 '14 at 06:07
  • @MichelZ I was referring to virtualizing on multiple hosts with live migration (or equivalent). The scope of the question is: which is better, virtualization HA or the specific HA of pfSense? I edited the question to make it clear! Thanks – eldblz Mar 26 '14 at 07:45

2 Answers

2

I definitely think CARP is better suited for this task, as when a virtualization host is going down, pfSense would need to be restarted on another machine first. (I don't know exactly how VMware FT works, but I think it has some limitations of its own.)

What we actually do is, we have 2 virtual pfSense appliances going with CARP, each on a separate virtualization host. Best of both worlds :)

We did not experience any big troubles with pfSense CARP, but I'm not a pfSense expert in that matter.

Also, if that infrastructure is mission critical, I guess you have a support contract with the creators of pfSense, and you might also want to ask them for their opinion.

MichelZ
  • Some hypervisor technologies allow a VM to be migrated from a (down or not) host to another with fewer than 2 pings lost, without a restart. It is resource-consuming, but it definitely works. And I guess that's what the OP is thinking of. – mveroone Mar 26 '14 at 08:41
  • Yes, but in the event of VM Host A going down, that does not bring you any kind of HA. You would need VMware FT for that (automatic restart on failure), and I don't know the limits of FT. (Other solutions probably have the same functionality with different names, I only know of VMware, sorry :) ) – MichelZ Mar 26 '14 at 08:48
  • 1
    AFAIK, VMware FT allows a seamless transition in case of host failure/crash. See http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1013428. The biggest downfall is the vCPU limit of 1. – mveroone Mar 26 '14 at 10:04
  • http://serverfault.com/questions/543257/vmware-esxi-vsphere-fault-tolerance-vcpu-limit This question suggests using application HA over virtualization FT. – mveroone Mar 26 '14 at 10:09
  • Virtualisation HA only covers problems with the hardware; it would not allow maintenance or cover problems with the pfSense machine itself. – JamesRyan Mar 26 '14 at 10:23
0

Definitely better to use HA w/CARP in that case. That gives you redundancy that you can't get at the hypervisor level, like not going down when doing upgrades.

Chris Buechler