I have been reviewing a collection (more than fifty) firewalls throughout a network. All of these firewalls are in failover or HA mode and have an interface between them for failure detection, state and config replication. But it seems that the choices for the HA IP addressing vary tremendously.
When I configure a HA link I always use 126.96.36.199/30. The Primary is 188.8.131.52 and the Secondary is 184.108.40.206.
What I didn’t realise is that many other people do the same thing. About 50% of these firewalls uses 220.127.116.11/30, or maybe 18.104.22.168/24 or something similar. The remainder seem to use private addresses and some are using public address.
So here is the question ? What IP addressing do you use when configuring a HA link between firewall / load balancers / devices ?
Sound off in the comments and take the poll.
Since writing this post, the RIPE has allocated the 22.214.171.124/8 to the APNIC for allocation to public Internet hosts. This means that hosts on the public Internet in the range 1.1.1/24 will not be accessible and therefore you should not use this range any longer. You should use 192.0.2.0/24 in the current IP address plan.