CARP & Hyper-V on 2.2 RELEASE

doubledgedboard · Jan 24, 2015, 7:33 PM

Someone mentioned that CARP & Hyper-V issues were resolved with the 2.2 RELEASE

I'm curious if it's possible to set up CARP\HA with a single WAN IP, and if so, what a high-level overview of the process is?

Thanks!

pszafer · Jan 28, 2015, 6:51 AM

Hi,

Yes it is possible.
You need to configure your vSwitch to allow VLAN ID in vSwitch settings and after that configure your VM to allow trunk networks in powershell:

Set-VMNetworkAdapterVlan VMNAME -Trunke -AllowedVlanIdList "2,3,4,5,6" - NativaeVlanId 0

and that's should be it. It is working like regular machine :)

to check if everything is set properly:

Get-VMNetworkAdapterVlan

badger · Feb 14, 2015, 10:36 AM

sounds great.

would anybody mind to write a short tutorial? =)

thank you

pszafer · Feb 15, 2015, 10:07 AM

@badger:

sounds great.

would anybody mind to write a short tutorial? =)

thank you

what do you want to be in this tutorial?
It is as simple at it looks like :)
Steps:

create VM in Hyper-V
create vSwitch with VLAN managment if you don't have it yet,
create 2 network card in VM
execute those 2 commands in Powershell (look at my sooner post)
install pfSense

badger · Feb 15, 2015, 11:07 AM

ok, unfortunately I never quite understood the hypervisor prerequisites to use CARP.

Especially I don't quite get the idea of the VLAN-tags…

Are they required to run CARP in the first place? right now we got 2 pfsense-boxes (VMs on seperate hardware) with a dedicated SYNC-interface. Do we have to mess with the VLAN-Options on this sync-vswitch? Also with the VLAN Options on LAN- and WAN-vswitches?

Do you need to enable MAC-address-spoofing to get it to work? (And do you actually set MAC-addresses to the same values on both VMs ?)

And which VLAN-IDs are you reffering to in this part?:

-AllowedVlanIdList "2,3,4,5,6" - NativaeVlanId 0

Your help is greatly appreciated =) and sorry for being a noob on this ;)

pszafer · Feb 15, 2015, 4:18 PM

@badger:

ok, unfortunately I never quite understood the hypervisor prerequisites to use CARP.

CARP needs dedicated interface to work, only for used by CARP.

Especially I don't quite get the idea of the VLAN-tags…

Are they required to run CARP in the first place?

No, it's not required.

right now we got 2 pfsense-boxes (VMs on seperate hardware) with a dedicated SYNC-interface. Do we have to mess with the VLAN-Options on this sync-vswitch?

So if those pfSense boxes are in VMs, how those interfaces would be dedicated? Interfaces has to have different subnet, so you have to use special physical interface to connect each other or you have to use VLAN's.

Also with the VLAN Options on LAN- and WAN-vswitches?

Do you need to enable MAC-address-spoofing to get it to work? (And do you actually set MAC-addresses to the same values on both VMs ?)

MAC spoofing - I think yes, but I could check it tomorrow and make sure of that.
No, MAC's cannot be the same, if interfaces would have same MAC, traffic couldn't be routed properly.

And which VLAN-IDs are you reffering to in this part?:

-AllowedVlanIdList "2,3,4,5,6" - NativaeVlanId 0

Your help is greatly appreciated =) and sorry for being a noob on this ;)

You need to create some plan for your network e.g.:

VLAN2 - LAN
VLAN3 - pfSense Sync

for me, I would create different VLAN's for printers, hosts (I have different VLAN's for each company department's), phones, WAN, pfSense.

and I would do it in pfSense, because for me working with HyperV vSwitch isn't much stable, once I've been changing configuration of interfaces and after restart interfaces were gone…
so I decided to create one interface for vSwitch, and vlan's in pfSense - in pfSense if something goes wrong all I have to is mess with config.xml file, not with snapshots of HyperV... also then I have to stop all of my VM's

doubledgedboard · Feb 15, 2015, 6:32 PM

So, I'm fine setting up the network aspects, but from my initial research it looks like single-wan-ip CARP doesn't work as well with DHCP WAN IPs.

From what I've read, it can be done, but I have to manually assign the gateway on the slave when a failover occurs? Is this true, or is there a better way to handle DHCP WAN?

pszafer · Feb 16, 2015, 6:19 AM

@doubledgedboard:

So, I'm fine setting up the network aspects, but from my initial research it looks like single-wan-ip CARP doesn't work as well with DHCP WAN IPs.

From what I've read, it can be done, but I have to manually assign the gateway on the slave when a failover occurs? Is this true, or is there a better way to handle DHCP WAN?

As Jims said - https://forum.pfsense.org/index.php?topic=63319.msg342542#msg342542

so I don't think it would work out of box with DHCP WAN IP, but with single-wan-ip it should work.