Changing CARP vhid breaks SNAT on the virtual IP, anyone else?
-
Hi guys,
Tried to report this as a bug, but got rejected - https://redmine.pfsense.org/issues/3043
In short, has anyone tried to change vhid on the WAN IP while having NAT on the same virtual IP?
In my case NAT dies and inside network loses Internet connectivity, until I disable/enable CARP on the master node.
Mr. Chris Buechler says "upstream ARP cache"… I'd say it's more likely that the stars were not well aligned :)
-
Changing VHID changes the MAC address, which makes the upstream ARP cache invalid, which causes that exact scenario. Enable/disable sends a gratuitous ARP which usually updates the upstream ARP cache. Let's just say I know what I'm talking about.
-
Well yes, that is happening behind the curtains. So if I do not want to disable/enable CARP manually, my second option is restarting the switch… :)
-
Most managed switches have an option in the management interface to purge/relearn MACs on a port.
Either way, this should auto-fix itself after a few minutes even when not cycling CARP, since eventually the ARP cache will expire.
Aside from that, is this a big problem for you? Normally changing the VHID of an address is a rare event, and waiting/cycling in such a rare circumstance seems acceptable.
-
Well, it's not expiring even after 12h :)
whatever…
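As an added illustration (not code from this thread or from pfSense), a small Python model of the mechanism described above: the CARP virtual MAC is derived from the VHID (assumed here to be the 00:00:5e:00:01:XX range, XX being the VHID in hex), so a VHID change leaves the upstream ARP entry pointing at the old MAC until a gratuitous ARP refreshes it or the entry ages out.

```python
# Added illustration (not from the thread): why changing a CARP VHID makes the
# upstream ARP cache stale, and why a gratuitous ARP (or expiry) repairs it.
from dataclasses import dataclass, field

# Assumption: CARP uses the IANA virtual-router MAC range 00:00:5e:00:01:XX,
# where XX is the VHID in hex.
CARP_MAC_PREFIX = "00:00:5e:00:01"

def carp_mac(vhid: int) -> str:
    """Virtual MAC that a CARP VIP answers from for a given VHID (1-255)."""
    if not 1 <= vhid <= 255:
        raise ValueError("VHID must be 1..255")
    return f"{CARP_MAC_PREFIX}:{vhid:02x}"

@dataclass
class ArpCache:
    """Toy model of an upstream router/switch ARP cache with an entry lifetime."""
    ttl: int                                      # seconds an entry lives without refresh
    entries: dict = field(default_factory=dict)   # ip -> (mac, learned_at)

    def learn(self, ip: str, mac: str, now: int) -> None:
        # Both a normal ARP reply and a gratuitous ARP overwrite the entry.
        self.entries[ip] = (mac, now)

    def lookup(self, ip: str, now: int):
        """Return the cached MAC, or None once the entry has aged out."""
        hit = self.entries.get(ip)
        if hit is None or now - hit[1] > self.ttl:
            self.entries.pop(ip, None)
            return None
        return hit[0]

def simulate(old_vhid: int, new_vhid: int, ttl: int, send_garp: bool) -> dict:
    """Change the VHID on the VIP and report what the upstream cache resolves to."""
    vip = "203.0.113.10"                          # constructed sample VIP
    cache = ArpCache(ttl=ttl)
    cache.learn(vip, carp_mac(old_vhid), now=0)   # upstream learned the old MAC
    # VHID changed at t=60; the VIP now answers from a different MAC.
    if send_garp:
        cache.learn(vip, carp_mac(new_vhid), now=60)  # what CARP disable/enable triggers
    return {
        "actual_mac": carp_mac(new_vhid),
        "cached_after_change": cache.lookup(vip, now=61),
        "cached_after_ttl": cache.lookup(vip, now=60 + ttl + 1),
    }
```

Without the gratuitous ARP, `cached_after_change` still returns the old MAC, which is exactly the window in which traffic for the NATed VIP goes nowhere.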