Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP/HA in XCP-ng losses packets when in different hypervisor

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    6 Posts 2 Posters 847 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      Luis Cordero
      last edited by

      Hi,
      i have a setup of Pfsense Firewalls in HA that works perfectly fine when both FWs are in the same hypervisor, however when i migrate one of the FW Virtual Machines to a different hypervisor starts lossing a lot of packets

      my configuration is the following:
      There is a public IP associated to the CARP WAN interface
      xn0- WAN:
      CARP:172.16.0.1/24
      Primary:172.16.0.2/24
      Secondary:172.16.0.3/24

      xn1- LAN:
      CARP: 172.16.100.1/24
      Primary:172.16.100.2/24
      Secondary:172.16.100.3/24

      xn2- MGMT:
      CARP: 172.16.116.1/24
      Primary: 172.16.116.2/24
      Secondary: 172.16.116.3/24

      xn3- SYNC:
      Primary: 192.168.0.1/24
      Secondary: 192.168.0.2/24

      My question: Does anyone knows why i would start lossing packets?

      I haver already try the following:
      Install Xen-Server tools on the Pfsense VM (source: https://tweenpath.net/running-pfsense-xenserver-xenguest/)

      1 Reply Last reply Reply Quote 0
      • planedropP
        planedrop
        last edited by

        When you say "migrate to a different hypervisor" do you mean a different host running the same hypervisor software or do you mean an entirely different hypervisor (like VMWare or something)?

        L 1 Reply Last reply Reply Quote 1
        • L
          Luis Cordero @planedrop
          last edited by

          @planedrop said in CARP/HA in XCP-ng losses packets when in different hypervisor:

          rvisor (like

          Yes, we have a machine with 4 hypervisors. when we move one VM in changes the entire supervisor.
          Each hipervisor is connected to a switch in the same manner and configuration

          planedropP 1 Reply Last reply Reply Quote 0
          • planedropP
            planedrop @Luis Cordero
            last edited by

            @Luis-Cordero But are these all XCP-ng or do you have like Proxmox, Hyper-V, VMWare, and XCP-ng? Moving VMs between different hypervisors is usually not an easy task.

            Moving them between different hosts of the same hypervisor platform though is a different story.

            Either way it sounds like one of the CARP interfaces isn't properly syncing, maybe they can't reach each other once moved to the other host.

            L 1 Reply Last reply Reply Quote 1
            • L
              Luis Cordero @planedrop
              last edited by

              @planedrop said in CARP/HA in XCP-ng losses packets when in different hypervisor:

              cing, maybe they can't

              By any chance do you know any know issue for why is there a communication error when host are in differents hypervisors

              2023-08-29_9-40-55.png

              in the picture it shows when both primary and secondary firewalls are in the same hypervisor everything is ok, but when i change from a to b starts lossing packets

              planedropP 1 Reply Last reply Reply Quote 0
              • planedropP
                planedrop @Luis Cordero
                last edited by

                @Luis-Cordero OK so looks like both hosts are running XCP-ng.

                There are a lot of things that could cause this behavior, are the two hosts in a pool together or 2 separate pools? Either way they are probably communicating over a switch, maybe that physical switch doesn't have the right VLANs in place?

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.