Netgate Discussion Forum

    One VLAN is master on both HA's??? Strange networking issue

    HA/CARP/VIPs
    14 Posts 4 Posters 1.3k Views
    • DerelictD
      Derelict LAYER 8 Netgate @MrPete
      last edited by

      @mrpete This is invariably a switching issue. If the secondary does not receive the heartbeats sent from the primary it will think there is a failure and assume the MASTER role.

      Even if the primary receives the resulting heartbeats from the secondary, it will remain MASTER too since it is advskew 0 and the secondary is advskew 100.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      awebsterA MrPeteM 2 Replies Last reply Reply Quote 0
      • awebsterA
        awebster @Derelict
        last edited by

        @derelict said in One VLAN is master on both HA's??? Strange networking issue:

        @mrpete This is invariably a switching issue. If the secondary does not receive the heartbeats sent from the primary it will think there is a failure and assume the MASTER role.

        Exactly, my thoughts are that there is MAC address confusion at the switching level, hence the verification necessary to make sure there are no incorrect configs, as they'd be very hard to spot given that the CARP packets don't emanate with the NIC's real MAC address.

        –A.

        DerelictD 1 Reply Last reply Reply Quote 0
        • MrPeteM
          MrPete
          last edited by

          @awebster Ah HA! Key to IPv6 CARP is you create TWO CARP Virtual IPs :)

          1 Reply Last reply Reply Quote 0
          • MrPeteM
            MrPete @Derelict
            last edited by

            @derelict Understood. What's so strange is that most VLANs are working just fine and DO see the heartbeats.

            I'm digging in on it further...

            awebsterA 1 Reply Last reply Reply Quote 0
            • awebsterA
              awebster @MrPete
              last edited by

              @mrpete Maybe try changing the VID on the problematic VLAN on both sides to see if that makes a difference since we know this will cause the source MAC address to change.

              –A.

              MrPeteM 1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate @awebster
                last edited by

                @awebster pfSense's tcpdump groks CARP. If you pcap for it you can generally tell primary from secondary advertisements by the advskew (0 and 100 respectively by default).


                1 Reply Last reply Reply Quote 0
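
Added example (not written by any poster in this thread and not pfSense code): one way to apply the advskew tip above is to capture CARP on each VLAN interface of one node and classify what that node hears per VHID. The regular expression assumes tcpdump's one-line CARP decode; the interface names, addresses, VHIDs and capture lines are constructed, and the skews 0 and 100 are the defaults mentioned in the thread.

```python
import re
from collections import defaultdict

# Assumed shape of tcpdump's one-line CARP decode (assumption, check your build).
ADVERT = re.compile(r"CARPv\d-advertise \d+: vhid=(\d+) advbase=\d+ advskew=(\d+)")

def skews_by_vhid(lines):
    """Map each VHID to the set of advskew values seen in one capture."""
    seen = defaultdict(set)
    for line in lines:
        m = ADVERT.search(line)
        if m:
            seen[int(m.group(1))].add(int(m.group(2)))
    return dict(seen)

def classify(seen, local_skew):
    """Interpret the advskew values one node sees for one VHID."""
    if not seen:
        return "no-adverts"
    peers = seen - {local_skew}
    if local_skew in seen and peers:
        return "dual-master"    # both nodes are advertising at once
    if local_skew in seen:
        return "master-alone"   # this node advertises and hears no peer
    return "backup"             # this node is silent and hears the peer

def diagnose(captures, local_skew):
    """captures: {interface: [tcpdump lines]} taken on a single node."""
    report = {}
    for ifname, lines in captures.items():
        per_vhid = skews_by_vhid(lines)
        report[ifname] = ({v: classify(s, local_skew) for v, s in per_vhid.items()}
                          or {None: "no-adverts"})
    return report

def adv(src, vhid, skew):
    """Build one constructed capture line (not real traffic)."""
    return (f"12:00:01.000000 IP {src} > 224.0.0.18: CARPv2-advertise 36: "
            f"vhid={vhid} advbase=1 advskew={skew} authlen=7 counter=1")

# Constructed captures: VLAN 10 is healthy, VLAN 20 shows the thread's symptom.
SECONDARY = {"igb1.10": [adv("10.0.10.2", 10, 0)] * 3,
             "igb1.20": [adv("10.0.20.3", 20, 100)] * 3}
PRIMARY = {"igb1.10": [adv("10.0.10.2", 10, 0)] * 3,
           "igb1.20": [adv("10.0.20.2", 20, 0), adv("10.0.20.3", 20, 100)]}

if __name__ == "__main__":
    print("secondary:", diagnose(SECONDARY, local_skew=100))
    print("primary:  ", diagnose(PRIMARY, local_skew=0))
```

"master-alone" is the normal state on the advskew 0 node, since a backup stays silent; on the advskew 100 node it means the primary's heartbeats are not arriving on that VLAN, which is where to start checking the switch path.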
                • MrPeteM
                  MrPete @awebster
                  last edited by MrPete

                  @awebster and @Derelict My problem: secondary does not see ANY packets from primary on that VLAN, period. This presumably has nothing to do with CARP??

                  Quite confusing to me, how a single VLAN on a trunked ethernet wire can be nonfunctional like that.

                  I'll soon rip into this at a more detailed level. Have a monitoring switch or two I can use to observe ... something... in the wire. ;)

                  DerelictD 1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate @MrPete
                    last edited by

                    @mrpete It must be something on that VLAN. Blocking multicast. Something.


                    R 1 Reply Last reply Reply Quote 0
                    • R
                      RobertK 1 @Derelict
                      last edited by RobertK 1

                      Maybe your STP topology is different in that VLAN, so traffic goes on an unexpected path.

                      1 Reply Last reply Reply Quote 0
                      • MrPeteM
                        MrPete
                        last edited by

                        Thanks all for the suggestions. Digging into it...

                        1 Reply Last reply Reply Quote 0
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.