I am going to try and break the question into a few different blocks in order to make it a little easier to organize.
I have two pfsense firewalls with 4 x 1g ports each and 2 x Layer2 LB4 switches, and the plan is to have one network drop from my colo into each firewall (total of two drops), then have a connection from each of those into each one of my switches in order to use CARP for failover purposes. The switches would be in an active/backup mode. My switches would then be cross-linked together with a single 10gb connection (they don't stack).
Now with my current IP allocation from my colo, they cannot peer with me and I have no interest in doing 1:1 NAT. I was told that I might be able to put the pfsense device into a layer 2 mode and simply do what they called a transparent firewall between the WAN and LAN ports. This appears to be called a bridge within the pfsense docs and would allow me to use my public IPs within the network behind my pfsense devices. I do know that I would then probably have to run a firewall on each server, but that's not an issue.
With the above said though, I had originally planned to bond 4 NICs on each of my hosts using *nix bond-mode 6 (autobalance) with 2 NICs being connected to each switch and then set up 3 tagged VLANs (lan, cluster, storage). With doing a transparent firewall on the switches, would it still be possible for me to do the VLANs like I planned? I was thinking of adding a 4th VLAN which would be VLAN 1 and the default VLAN for anything that's not tagged, which would then be the WAN traffic. I think this is possible on my switches, but as many of you know, the LB4 docs are pretty lacking.
Would this even work? I will try to provide a network diagram as soon as possible to clarify the setup a bit better. I am really hoping this can work, as I have really been struggling with the network design of this setup and I want as much performance and high availability as possible, but I am limited by my knowledge, equipment, and what my colo provider will allow.
Thanks so much for your time and feedback!
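The host side of the plan described above (a mode 6 bond over four NICs, three tagged VLANs, and the untagged network carrying the public addresses), written out as an added netplan example; it is not from the post, nor from pfSense or LB4 documentation. It assumes Ubuntu with netplan, NIC names eno1 to eno4, VLAN IDs 10/20/30 and RFC 5737 documentation addresses; the public address and gateway are placeholders for the colo allocation.

```yaml
# Added example (assumed: Ubuntu + netplan/systemd-networkd).
# balance-alb (bond-mode 6) needs no LAG on the switch side, so two
# slaves can sit on each of two switches that do not stack.
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1: {}
    eno2: {}
    eno3: {}
    eno4: {}
  bonds:
    bond0:
      interfaces: [eno1, eno2, eno3, eno4]   # eno1/eno2 -> switch A, eno3/eno4 -> switch B (assumed)
      parameters:
        mode: balance-alb
        mii-monitor-interval: 100
      # Untagged traffic on the bond is the WAN side behind the pfSense bridge,
      # so the public address lives here (placeholder values).
      addresses: [203.0.113.10/24]
      routes:
        - to: 0.0.0.0/0
          via: 203.0.113.1
  vlans:
    lan:
      id: 10          # assumed VLAN ID
      link: bond0
      addresses: [10.0.10.5/24]
    cluster:
      id: 20          # assumed VLAN ID
      link: bond0
      addresses: [10.0.20.5/24]
    storage:
      id: 30          # assumed VLAN ID
      link: bond0
      addresses: [10.0.30.5/24]
```

The switch ports facing the hosts then carry VLANs 10/20/30 tagged with the untagged (native) VLAN as the WAN segment; the bridge between the WAN and LAN ports is configured on the pfSense boxes themselves, not in this file.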