🧭 1. What is CARP?
CARP (Common Address Redundancy Protocol) allows multiple firewalls to share a virtual IP address so that if one device fails, another automatically takes over.
This ensures continuous network availability and seamless failover.
In OPNsense, a typical HA setup includes:
- Master firewall (active)
- Backup firewall (standby)
When the master stops responding, the backup promotes itself to master and assumes the shared VIP.
⚙️ 2. How It Works
🔹 Virtual IP
CARP creates a shared IP (e.g. 203.66.10.10) visible to the outside world.
Traffic is always directed to this VIP, regardless of which node is active.
| Device | Real IP | Role |
|---|---|---|
| FW-A | 203.66.10.11 | Master |
| FW-B | 203.66.10.12 | Backup |
| Shared | 203.66.10.10 | CARP VIP |
🔹 VHID & AdvSkew
- VHID = Unique group identifier for each CARP VIP (the same VHID is configured on both nodes for the same VIP).
- AdvSkew = Priority value (lower = higher priority).
| Host | AdvSkew | Role |
|---|---|---|
| FW-A | 0 | Master |
| FW-B | 100 | Backup |
🔹 Heartbeat (pfsync + CARP)
CARP sends multicast heartbeats (advertisements) between members.
If the backup stops receiving heartbeats, it immediately takes control of the VIP.
pfsync replicates the connection state table to the peer, so established sessions continue after failover.
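As an added example (not code from the original article or from the OPNsense project), the check below parses the `carp:` status line that FreeBSD's `ifconfig` prints on an OPNsense node, computes the heartbeat interval and the takeover timeout from the CARP parameters, and flags the two states a defender wants to catch: no MASTER at all (VIP down) and more than one MASTER (split-brain, usually a broken heartbeat path or mismatched password). The `ifconfig` output is constructed from the article's addresses; `advbase`, the base advertisement interval in seconds (default 1, the "base" half of OPNsense's advertising frequency), is a CARP parameter the article does not mention.

```python
import re
from dataclasses import dataclass

# Constructed sample output: the "carp:" line FreeBSD ifconfig prints for an
# interface that carries a CARP VIP (addresses taken from the article).
FW_A_IFCONFIG = """\
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.66.10.11 netmask 0xffffff00 broadcast 203.66.10.255
        inet 203.66.10.10 netmask 0xffffff00 broadcast 203.66.10.255 vhid 1
        carp: MASTER vhid 1 advbase 1 advskew 0
"""
FW_B_IFCONFIG = """\
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.66.10.12 netmask 0xffffff00 broadcast 203.66.10.255
        inet 203.66.10.10 netmask 0xffffff00 broadcast 203.66.10.255 vhid 1
        carp: BACKUP vhid 1 advbase 1 advskew 100
"""

CARP_LINE = re.compile(
    r"carp:\s+(?P<state>[A-Z]+)\s+vhid\s+(?P<vhid>\d+)"
    r"\s+advbase\s+(?P<advbase>\d+)\s+advskew\s+(?P<advskew>\d+)"
)


@dataclass
class CarpState:
    host: str
    vhid: int
    state: str      # MASTER, BACKUP or INIT
    advbase: int    # base advertisement interval in seconds
    advskew: int    # 0..254, adds advskew/256 s; the lower value wins the election

    def advert_interval(self) -> float:
        # A MASTER sends one heartbeat every advbase + advskew/256 seconds.
        return self.advbase + self.advskew / 256

    def master_down_timeout(self) -> float:
        # A BACKUP declares the master dead after 3*advbase + advskew/256 seconds
        # of silence (using its own values) and then promotes itself.
        return 3 * self.advbase + self.advskew / 256


def parse_carp(host: str, ifconfig_text: str) -> list:
    """Extract every CARP group state from one node's ifconfig output."""
    return [
        CarpState(host, int(m["vhid"]), m["state"], int(m["advbase"]), int(m["advskew"]))
        for m in CARP_LINE.finditer(ifconfig_text)
    ]


def check_cluster(states: list) -> dict:
    """Map each VHID to a list of findings; an empty list means the group is healthy."""
    by_vhid = {}
    for s in states:
        by_vhid.setdefault(s.vhid, []).append(s)

    findings = {}
    for vhid, members in sorted(by_vhid.items()):
        issues = []
        masters = [m for m in members if m.state == "MASTER"]
        if not masters:
            issues.append("no MASTER: nobody answers for the VIP")
        elif len(masters) > 1:
            # Both nodes claim the VIP: the heartbeat path (or the shared
            # password) is broken, not the nodes themselves.
            issues.append("split-brain: multiple MASTERs " + ", ".join(m.host for m in masters))
        else:
            expected = min(members, key=lambda m: m.advskew)
            if masters[0].host != expected.host:
                issues.append(
                    f"{masters[0].host} is MASTER although {expected.host} has the lower advskew; "
                    "check preemption and the link on the expected master"
                )
        findings[vhid] = issues
    return findings


if __name__ == "__main__":
    cluster = parse_carp("FW-A", FW_A_IFCONFIG) + parse_carp("FW-B", FW_B_IFCONFIG)
    for s in cluster:
        print(f"{s.host} vhid {s.vhid}: {s.state}, heartbeat every {s.advert_interval():.3f}s, "
              f"takeover after {s.master_down_timeout():.3f}s of silence")
    print(check_cluster(cluster))
```

With the article's values (advbase 1, backup advskew 100) the backup's takeover timeout works out to 3 + 100/256 ≈ 3.39 s, which is where the "within ~3 seconds" figure for failover comes from. Running the same parser against `ifconfig` output collected from both nodes on a schedule gives a simple split-brain alarm.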
🧩 3. Typical Topology
```text
[Internet]
    │
    ▼
Virtual IP 203.66.10.10 (CARP)
    │
    ├─ FW-A Master (203.66.10.11)
    └─ FW-B Backup (203.66.10.12)
    │
[LAN Switch] → 192.168.100.0/24
```
If FW-A fails, FW-B becomes master within seconds, and users remain online.
🧰 4. Setup Steps
Step 1 – Sync Interface
Create a dedicated SYNC interface:
FW-A → 10.0.0.1
FW-B → 10.0.0.2
Prefer a direct link or an isolated VLAN.
Step 2 – Enable pfsync
System → High Availability → Settings
- Enable pfsync
- Select the SYNC interface
Step 3 – Add CARP Virtual IP
Firewall → Virtual IPs → Add
- Type: CARP
- Interface: WAN
- VIP: 203.66.10.10/24
- VHID: 1
- Password: shared secret (same on both nodes)
- AdvSkew: 0 (master), 100 (backup)
Step 4 – (Optional) Enable XMLRPC Config Sync
System → High Availability → Settings → XMLRPC Sync
- Specify the peer IP
- Enable the desired sync sections (e.g. Firewall rules, Aliases)
Step 5 – Test Failover
- Disable or unplug FW-A's WAN.
- Within ~3 seconds, FW-B assumes the VIP.
- Active sessions continue without interruption.
✅ 5. Best Practices
| Item | Recommendation |
|---|---|
| Heartbeat Link | Use dedicated VLAN or cable for SYNC |
| VHID | Unique per CARP group |
| AdvSkew | Master = 0–10 / Backup = 50–100 |
| pfsync | Use internal network / not filtered |
| Validation | Always simulate failover tests |
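As an added example (not code from the original article or from the OPNsense project), the following linter checks a planned CARP configuration for both nodes against the Step 3 values and the best-practice table above before anything is clicked into the GUI: VHID reused for a different VIP on one node, nodes disagreeing on the VIP or the password for a VHID, a VIP outside the interface subnet, and AdvSkew values outside the 0–10 (master) / 50–100 (backup) bands. The plan structure and the `example-shared-secret` password are constructed for the example.

```python
import ipaddress

# Constructed plan using the article's addresses and skew values. Each entry is
# one CARP VIP as it would be configured on one node.
PLAN = {
    "FW-A": [
        {"interface": "WAN", "if_addr": "203.66.10.11/24", "vip": "203.66.10.10/24",
         "vhid": 1, "advskew": 0, "password": "example-shared-secret"},
    ],
    "FW-B": [
        {"interface": "WAN", "if_addr": "203.66.10.12/24", "vip": "203.66.10.10/24",
         "vhid": 1, "advskew": 100, "password": "example-shared-secret"},
    ],
}

MASTER_SKEW = range(0, 11)    # best-practice table: master 0-10
BACKUP_SKEW = range(50, 101)  # best-practice table: backup 50-100


def validate_plan(plan: dict) -> list:
    """Return a list of problem strings; an empty list means the plan passes."""
    problems = []

    # 1. On one node a VHID identifies exactly one CARP group.
    for host, vips in plan.items():
        seen = {}
        for v in vips:
            first = seen.setdefault(v["vhid"], v["vip"])
            if first != v["vip"]:
                problems.append(f"{host}: vhid {v['vhid']} reused for {first} and {v['vip']}")

    # 2. The same VHID on both nodes must describe the same group.
    groups = {}
    for host, vips in plan.items():
        for v in vips:
            groups.setdefault(v["vhid"], []).append((host, v))

    for vhid, members in sorted(groups.items()):
        addrs = {m["vip"] for _, m in members}
        if len(addrs) > 1:
            problems.append(f"vhid {vhid}: nodes disagree on the VIP {sorted(addrs)}")
        if len({m["password"] for _, m in members}) > 1:
            # Advertisements are authenticated with the shared password; with a
            # mismatch each node drops the other's heartbeats and both go MASTER.
            problems.append(f"vhid {vhid}: password differs between nodes")
        for host, m in members:
            vip = ipaddress.ip_interface(m["vip"])
            real = ipaddress.ip_interface(m["if_addr"])
            if vip.ip not in real.network:
                problems.append(f"{host}: vip {vip.ip} not in {m['interface']} subnet {real.network}")
            if vip.ip == real.ip:
                problems.append(f"{host}: vip {vip.ip} equals the node's own address")
        if len(members) < 2:
            problems.append(f"vhid {vhid}: configured on one node only, no redundancy")
            continue
        # 3. Election order follows advskew: lowest value is the intended master.
        ranked = sorted((m["advskew"], host) for host, m in members)
        master_skew, master = ranked[0]
        if master_skew == ranked[1][0]:
            problems.append(f"vhid {vhid}: advskew tie, master depends on start-up order")
        if master_skew not in MASTER_SKEW:
            problems.append(f"vhid {vhid}: master {master} advskew {master_skew} outside 0-10")
        for skew, host in ranked[1:]:
            if skew not in BACKUP_SKEW:
                problems.append(f"vhid {vhid}: backup {host} advskew {skew} outside 50-100")
    return problems


if __name__ == "__main__":
    for p in validate_plan(PLAN) or ["plan passes all checks"]:
        print(p)
```

The password and VHID checks matter most in practice: either mismatch leaves both nodes ignoring each other's heartbeats, so each believes the peer is dead and claims the VIP, which is exactly the split-brain the validation row in the table is meant to catch during failover tests.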
💡 6. Common Use Cases
- Dual-firewall redundancy (WAN or LAN)
- Shared public service IPs
- Data center edge firewall failover
✔ 7. Conclusion
CARP is the foundation of OPNsense High Availability.
By pairing two firewalls with shared Virtual IPs and state synchronization, you gain redundancy and seamless failover without manual intervention.
Combined with pfsync and XMLRPC config sync, CARP provides enterprise-grade resilience for mission-critical network environments.