I have been reviewing a collection (more than fifty) firewalls throughout a network. All of these firewalls are in failover or HA mode and have an interface between them for failure detection, state and config replication. But it seems that the choices for the HA IP addressing vary tremendously.
When I configure a HA link I always use 188.8.131.52/30. The Primary is 184.108.40.206 and the Secondary is 220.127.116.11.
What I didn’t realise is that many other people do the same thing. About 50% of these firewalls uses 18.104.22.168/30, or maybe 22.214.171.124/24 or something similar. The remainder seem to use private addresses and some are using public address.
So here is the question ? What IP addressing do you use when configuring a HA link between firewall / load balancers / devices ?
Sound off in the comments and take the poll.
Since writing this post, the RIPE has allocated the 126.96.36.199/8 to the APNIC for allocation to public Internet hosts. This means that hosts on the public Internet in the range 1.1.1/24 will not be accessible and therefore you should not use this range any longer. You should use 192.0.2.0/24 in the current IP address plan.