pfSense high availability (HA) function introduction

什么是高可用性？

高可用性 (HA) It is an important concept in systems engineering,It eliminates a single point of failure,Ensure continuous operation even in the event of a hardware or software failure.Network specific,It allows network engineers or administrators to replace or repair faulty devices or components,without affecting services and end users.从概念上讲,This is similar to data storage RAID1,When using a pair of hard disks in mirroring to store redundant data,Even if one hard drive fails,作为一个整体,The array also does not lose data and remains accessible.

ITA phrase often used in the industry：“Two is one,One is nothing”.If there are two identical devices,You should expect only one of them to be normal,Because hardware can fail for any reason at any time,And it usually comes when it's least expected.If no fault backup is made,Normal work may be affected.

When considering whether a high-availability setup should be made,Risks and benefits must be weighed.If a particular function of the business is considered critical to the profitability of the business,But there is no suitable redundancy,Then it should be remedied as soon as possible,And test frequently to ensure proper functionality.

CARP – 跳动的心脏

CARP,That is, the Universal Address Redundancy Protocol,是一种类似于VRRP 的协议,It allows a group of hosts on a local area network“共享”一个IP地址,Monitor which device currently has it“控制权”,And allow one of the devices to always control the address between the available devices.

在典型的CARP配置中,Two firewalls will have three each enabled IP 地址：One for the interface itself on both nodes,另外一个用于CARP 虚拟 IP 地址 (VIP) 的共享IP地址.Every interface that carries user traffic must meet this requirement,Including wide area network.

它的工作原理如下 ：

1. 在使用CARPThe switches connected to both nodes on the interface must be able to handle multicast traffic correctly.
2. WAN IPMust be a static address,mask must be less than29码,才能为CARP提供3more than one available address.
3. Assume that only one is used on both devices WAN 和一个 LAN 接口,LAN 接口使用192.168.1.0/24网络, WAN 接口使用198.51.100.0/24网络 .
4. 防火墙IPExample of address setting：

1. 防火墙1是主节点,LAN地址192.168.1.2,WAN地址198.51.100.201
2. 防火墙2是辅助节点,LAN地址192.168.1.3,WAN 地址198.51.100.202
3. Two firewalls share one for LAN的CARP IP地址192.168.1.1,And as a gateway for all clients.WAN 的共享 CARP IP 地址是 198.51.100.200.

配置完成后,防火墙1Each will be configured on the network at a set base frequency of once per secondCARP The interface sends heartbeats,Let the firewall2know it still“活动”and handle traffic.默认情况下,pfSensewill be the firewall2 配置100的偏差,That means firewall2Will assume everything is OK,As long as it continues to receive no more than basic + 偏差（1 秒 + 100/256 秒）的心跳.

在任何时候,防火墙2Stops receiving from the firewall for the allotted time specified by the deviation1的心跳,It will assume a firewall1Stop processing traffic and take over the master role.这会将CARP IP地址的控制权“转移”到防火墙2上,And immediately take over and start processing traffic.然后,防火墙2Heartbeat transmission will begin on this interface,and replace the firewall1运行,until it starts receiving from the firewall again1的心跳.默认的CARPThe behavior is to perform preemption,This means once the firewall1重新上线,防火墙2A heartbeat faster than your own base and bias values ​​will be recognized,防火墙2changes its status to a worker role.

It's all done in just a few seconds,The impact of network interruption can be minimized.

pfsync – 跟踪状态

pfsync是pfSenseA high-availability state synchronization component.It synchronizes the state tables of the two devices,to ensure that the firewall operating system's packet filter (pf) The component is ready to take over existing connections if another node fails.

如果没有pfsync,如果防火墙1Failover to firewall if state is out of sync2,then any existing stateful connections will be broken and need to be re-established.This affects the ones with stateful firewall rulesTCP等协议,Can cause trouble for end users and application network connectivity.

If there is no state synchronization across the two nodes,每次下载、文件传输、备份、Email clients, etc. will make a short-lived connection“暂停”,It may even be necessary to close and reopen the connection/程序.The goal of high availability is to ensure network continuity in the event of a transition,这显然不能满足要求.

由于pfsyncinvolves authentication,Therefore, it is recommended to use it exclusivelySYNC接口上运行,以确保连接的可靠性.

XMLRPC – 同步配置

高可用的XML远程过程调用 (XMLRPC) The component is responsible for keeping the configuration synchronized between the primary and secondary firewalls.This ensures firewall rules、CARP VIP、NAT Configuration etc. remain the same between the two firewalls.如果没有XMLRPC,Then the administrator needs to remember to make every change on both firewalls,This greatly increases the probability of error.

Every time a change is made on the main firewall,都会运行XMLRPC同步过程.Use a dedicated username and password,并在pfsync使用的同一SYNC接口上运行.

出站NAT和DHCP – 绑定一起

The final part of configuring high availability is for clients and NAT配置DHCP,for use with the new high-usage settings,尽管从技术上讲,It's not quitepfSensePart of the high availability component.

对于出站NAT,默认情况下,pfSense利用WANThe interface address will beNATApplies to private network ranges behind firewalls,以及Internet上IPv4public and routable in IP地址.如果保持不变,这对HA来说是一个问题,因为如果pfsyncThe state table in is transferred to the secondary firewall,It will only work with the main firewallWAN IP地址匹配,thereby destroying the state.要解决这个问题,Hybrid or manual outbound must be configuredNAT,Then create rules to do thisIPv4流量NATto all relatedWAN connectedCARP VIP地址.This will ensure the state is valid on both firewalls in case of failover.

DHCP 范围,无论是在pfSense还是其他的DHCP服务器上,都需要使用CARP VIPas a client gateway,instead of the actual interface of the main firewallIP地址.否则,If the main firewall is offline,Clients will not be able to reach their upstream gateway,thus losing all connections.If any client use staticIP地址,Its gateway address must also be CARP VIP.

结论

综上所述,pfSenseThe high-availability features allow all components to work together,Provides an excellent and powerful software and hardware redundancy solution,Ensures network health even in the event of a single hardware failure,Reduce the impact on the normal production and operation of the enterprise and office business.

​ ​原文地址​​