Netgate Discussion Forum
    VIP ESXi 5.1 Cisco Switches

      mafiatfc

      I am having an issue being able to ping a CARP VIP or access the DMZ from our production network. I have the following interfaces configured: WAN, DMZ, PRODUCTION, CARP sync. VIPs from outside our network through WAN work fine. I can ping the VIP for the production network from the DMZ network; however, I cannot ping the VIP for the production network from the production network. I have a static route set up to the production VIP on the production network. I see an ARP entry on the Cisco switch that has the route for the production VIP.

      The rules for the firewall are set up to allow all TCP and ICMP traffic to the PRODUCTION interface for any source/destination. Promiscuous mode is on all vSwitches attached to the two pfSense boxes. Both the master and backup have a CARP status of "BACKUP" for just the production VIP. Here's also what's happening in the system logs, repeated over and over.

      On Master pfSense box:

      Jan 14 12:27:36 kernel: vip1: 2 link states coalesced
      Jan 14 12:27:36 kernel: vip1: link state changed to DOWN
      Jan 14 12:27:39 kernel: vip1: MASTER -> BACKUP (more frequent advertisement received)

      Thanks for your help.

        cmb

        That's one or more of:
        http://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting#VMware_ESX.2FESXi_Users

          mafiatfc

          Thanks, I initially thought Net.ReversePathFwdCheckPromisc = 1 was for a DVS. Changing this did the trick!
