Netgate Discussion Forum

    ISP required feature for CARP?

      woleium

      We have a site in Vancouver with internet service from Shaw.
      We have the required* three consecutive IPs in the same subnet.

      Configuring CARP works fine on the internal and DMZ interfaces, but not on the external (all the IPs work if configured as WAN addresses). I'm guessing that this is because the ISP doesn't allow the required redirect, but I'm not sure what sort of redirect it needs…

      Does anyone know what I need to ask Shaw to enable for me?

      Regards

      W

      *To go off on a bit of a tangent and not wanting to sound too ungrateful, the carpdev directive has been around for ages now, we shouldn't need 3 static IPs to do CARP any more. I know it's a small percentage of us that do this regularly, but public IPs are becoming more and more scarce...

        cmb

        carpdev doesn't exist in FreeBSD.

        There is nothing required on the ISP's side for CARP. When you're switching around between IP alias and CARP, you're putting wrong entries in the upstream ARP cache. If that's on your modem, power cycle it. Otherwise you'll have to wait hours for it to timeout.

          woleium

          Hmm, thanks cmb. I suspected ARP caches may have something to do with it, I'm hoping it'll just work when I get to work tomorrow (ARP caches last about 4 hours iirc?)

          Funny thing is that it didn't work after the initial config either and I did try a modem reboot this afternoon, so I was thinking maybe it was an ISP security thing of some kind (anti ARP poisoning? I'm getting a bit out of my depth here.)

          re carpdev: That's a shame. I must be mixing up my BSDs :-$
          I did find this post: http://lists.freebsd.org/pipermail/freebsd-stable/2012-February/066143.html
          which suggests that it's technically possible (albeit with a different method) with 10-CURRENT. I guess pfSense is still (and probably quite rightly) using 9?

          [edit:spelling]

            cmb

            8 with 2.2 release probably going to 10.

            One other thing that may bite you on cable modems, depending on the type, is the MAC address limit some enforce. That's more common with residential dynamic service and not common with business class service, but some cable modems will only allow the first X MACs they see where X is the number of "authorized" hosts you're allowed to have by the provider. Each CARP IP has a unique virtual MAC.

              woleium

              Oooh, does that mean that we get the feature in 2.2 then? crosses fingers

              I guess I could test the MAC limit theory by turning off one of the boxes, rebooting the modem to clear the cache and then testing to see if the CARP IP works?

                cmb

                IIRC with Shaw your static IP assignment is on the modem and there aren't any MAC restrictions, but it's worth experimenting (I'd check packet captures instead personally).

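Editor's added example, not part of any post in this thread: one way to do the packet-capture check discussed above is to parse `tcpdump -e -n arp` output from the WAN side, list IPs claimed by more than one MAC (the stale IP alias versus CARP situation), and count the distinct MACs the modem would see against a MAC limit. The capture lines, addresses, NIC MACs and the limit value are constructed assumptions; the `00:00:5e:00:01:<VHID>` form of the CARP virtual MAC is standard.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -e -n arp` output from the WAN side.
# 203.0.113.0/24 is a documentation range and every MAC here is made up.
SAMPLE = """\
12:00:00.100000 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.12 tell 203.0.113.1, length 46
12:00:00.100400 00:00:5e:00:01:01 > 02:00:00:00:00:01, ethertype ARP (0x0806), length 42: Reply 203.0.113.12 is-at 00:00:5e:00:01:01, length 28
12:00:00.100900 02:00:00:00:00:11 > 02:00:00:00:00:01, ethertype ARP (0x0806), length 42: Reply 203.0.113.12 is-at 02:00:00:00:00:11, length 28
12:00:05.000000 02:00:00:00:00:11 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 203.0.113.1 tell 203.0.113.10, length 28
12:00:06.000000 02:00:00:00:00:22 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 203.0.113.1 tell 203.0.113.11, length 28
"""
LOCAL_MACS = {"02:00:00:00:00:11", "02:00:00:00:00:22"}  # assumed physical WAN NICs
CARP_PREFIX = "00:00:5e:00:01:"  # CARP virtual MAC = this prefix + VHID as one hex byte

LINE_RE = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), ethertype ARP .*?: "
    r"(?:Reply (?P<rip>\S+) is-at (?P<rmac>[0-9a-f:]{17})"
    r"|Request who-has (?P<target>\S+) tell (?P<sender>[\d.]+))"
)

def carp_vhid(mac):
    """Return the VHID if mac is a CARP virtual MAC, else None."""
    mac = mac.lower()
    if mac.startswith(CARP_PREFIX):
        return int(mac[len(CARP_PREFIX):], 16)
    return None

def analyse(capture, local_macs, mac_limit=None):
    """Summarise which MACs claim which IPs and which of our MACs hit the wire."""
    claims = defaultdict(set)  # IP -> MACs that claimed it (reply, or request sender)
    ours = set()               # distinct source MACs from our firewalls
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src = m["src"]
        if m["rip"]:
            claims[m["rip"]].add(m["rmac"])
        else:
            claims[m["sender"]].add(src)
        if src in local_macs or carp_vhid(src) is not None:
            ours.add(src)
    return {
        # An IP answered by two MACs is what leaves wrong upstream ARP entries.
        "conflicts": {ip: sorted(v) for ip, v in claims.items() if len(v) > 1},
        "our_macs": sorted(ours),
        "carp_vhids": {m: carp_vhid(m) for m in ours if carp_vhid(m) is not None},
        "over_limit": mac_limit is not None and len(ours) > mac_limit,
    }
```

Calling `analyse(SAMPLE, LOCAL_MACS, mac_limit=2)` on the constructed capture reports 203.0.113.12 as claimed by both the CARP virtual MAC and a physical NIC, and three source MACs against a limit of two.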