We’re working on designing our data center network with a strong focus on failover and resilience.
Our provider gives us two 10Gb feeds, and we’re planning to use:
I’ve put together a diagram showing my proposed setup.
My question:
I’d really appreciate any feedback or suggestions!
EDIT: This is the guide I have followed - Layer 2 Redundancy | pfSense Documentation
I would make sure you setup your root bridge on the 10G switch that is connected to the primary pfSense.
Also, are all your default gateways configured on your pfSense firewalls?
Agreed. The Root Bridge will be the 10Gb switch connected to the primary pfSense.
Yes, the servers behind pfSense will have that as their gateway. They’ll be CARP ip addresses for HA failover.
Are you using MC-LAG setup for redundancy between the switches and hosts connected to them?
The switches we will be using do not support MC-LAG, unfortunately. They will be linked using 10Gb DAC cables.
Are your servers virtualized, bare-metal, or a mix?
They’ll be a mix. Hyper-v clusters, NAS’ for example.
Sounds good. On the server side of things I would look into NIC teaming in independent mode/Active/standby mode or IP bonding where no switch awareness will be required. If you really want to get fancy, you could see about running OSPF locally on the servers as well as the pfSense.
Thanks 
Yes, we’re using NIC Teaming in the lab Hyper-V setup which is working well.
I will look into OSPF. I have no experience with it! How would it benefit us?
The benefit is minimal and would be risky if you don’t have any experience with it. As long as you have a L1 or L2 redundancy you’ll be fine.
