Using IP Aliases to Reduce Heartbeat Traffic

If a segment contains a large number of CARP VIPs, the segment can have a lot of multicast traffic. The firewall sends one heartbeat per second per CARP VIP. To reduce this traffic, additional VIPs may be “stacked” on top of one CARP VIP on an interface.

• Pick one CARP VIP to be the “main” VIP for an interface

• Edit the other CARP VIPs in the same subnet

  • Change the type to IP Alias

  • Select the “main” CARP VIP as the VIP Interface

  • Save

  • Repeat for each additional CARP VIP on the same interface

• Apply Changes

This not only reduces the heartbeats on a given segment, but it also causes all of the IP alias VIPs to change status along with the “main” CARP VIP, reducing the likelihood that a layer 2 issue will cause individual CARP VIPs to not fail over as expected.

IP Alias VIPs do not normally synchronize via XML-RPC configuration synchronization, however, IP alias VIPs set to use CARP interfaces in this manner will synchronize.