I have been reviewing a collection (more than fifty) firewalls throughout a network. All of these firewalls are in failover or HA mode and have an interface between them for failure detection, state and config replication. But it seems that the choices for the HA IP addressing vary tremendously.
When I configure a HA link I always use 22.214.171.124/30. The Primary is 126.96.36.199 and the Secondary is 188.8.131.52.
What I didn’t realise is that many other people do the same thing. About 50% of these firewalls uses 184.108.40.206/30, or maybe 220.127.116.11/24 or something similar. The remainder seem to use private addresses and some are using public address.
So here is the question ? What IP addressing do you use when configuring a HA link between firewall / load balancers / devices ?
Sound off in the comments and take the poll.
Since writing this post, the RIPE has allocated the 18.104.22.168/8 to the APNIC for allocation to public Internet hosts. This means that hosts on the public Internet in the range 1.1.1/24 will not be accessible and therefore you should not use this range any longer. You should use 192.0.2.0/24 in the current IP address plan.