Currently I have a redundant pfSense firewall system set up for our corporate server farm. The main router IPs are sharing an IP address through CARP. Our two public /27 networks are assigned as proxy ARP addresses to the WAN interfaces and are routed to the shared CARP address.
I.e.:
public CARP: 10.10.10.10
firewall 1: 10.10.10.11
firewall 2: 10.10.10.12
network 172.31.1.0/27 routed to 10.10.10.10
(proxy ARP network assigned to WAN in firewall)
network 172.31.2.0/27 routed to 10.10.10.10
(proxy ARP network assigned to WAN in firewall)
My question is, would it be a better practice to use CARP for those /27 networks? I'm reading a decent amount of warnings that proxy ARPs can screw up traffic.
My redundancy lies in the firewall, so I don't think that CARP is necessary for the other networks. Any advice that is out there would be helpful.