Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP "Master" in All Nodes

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    3
    4
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      brunoroza
      last edited by

      Good night and thank you!
      I am assembling a LAB that I intend to apply in my environment, and I am assembling it as follows

      2 PfSense in HA Config
      LAN Interface with VLAN 14, 16, 18 in mode trunk
      1 VIP Carp per VLAN

      My problem is VIP-IP it is master on the 2 servers.

      VLAN 14 CARP-VIP - 192.168.14.1
      VLAN 16 CARP-VIP - 192.168.16.1
      VLAN 18 CARP-VIP - 192.168.18.1

      Master
      Interface Vlan 14
      192.168.14.2/23
      Interface Vlan 16
      192.168.16.2/23
      Interface Vlan 18
      192.168.18.2/23

      Slave
      interface Vlan 14
      192.168.14.3/23
      interface Vlan 16
      192.168.16.3/23
      interface Vlan 18
      192.168.18.3/23

      HA Interfaces
      Master - 10.10.10.1
      Slave - 10.10.10.2

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @brunoroza
        last edited by

        @brunoroza
        If both nodes are master the interfaces probably cannot communicate together with the CARP (VRRP) protocol.

        So how are the nodes connected? If they are connected to a switch ensure its ports are well configured for the VLANs and that it passes CARP packets.

        1 Reply Last reply Reply Quote 0
        • B
          brunoroza
          last edited by

          @viragomann tks for reply
          My firewall has the following interfaces
          1 - WAN connected to the router
          1 - HA (cross connection)
          1 - switch interface vlan 14,16,18

          CARP portal is running on the interface that is with VLANS 14,16,18

          pinging individually the IPS of the interfaces is working correctly, only the ips of the CARP that are active in the 2 firewalls and it doesn't work

          DerelictD 1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate @brunoroza
            last edited by Derelict

            @brunoroza If that is really the case then your switch is likely not properly passing the CARP advertisements. They are multicast to 224.0.0.18.

            20:17:32.490656 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=2770184658337638700

            If those are not received by the secondary node, it will also become MASTER and begin advertising its CARP VIP.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post