Multiple MAC to single IP
-
Hi, I have seen this asked a few times way back, and most answers are no, why, how would that work... that sort of thing.
First, I understand that it may be wrong/broken to do this. But understand that most people who venture into pfSense world, are coming from Tomato, where we could and still can assign 2 MACs to a single IP.
Now, the reasons I have seen are mostly to give the same IP for Wired or Wifi connection from laptops, etc. I don't believe it is needed there nor do I recommend it.
But, I have personally found a reason to have it, that I so far cannot think of a solution around it.
I have a High Availability Synology NAS setup. The NASes themselves have 10.0.28.2 and .3 for their respective IPs. Then Synology HA software assigns 10.0.28.1 to one of the NASes. If it fails then the HA software auto moves the .1 IP to the other NAS.
Overall not a problem, except there are ONLY 2 MACs. There is no virtual 3rd MAC address for the virtual IP. On my network, the MAC that is reported with 10.0.28.1 is the MAC address of either .2 or .3 whichever is currently the master unit.
Now there is a heartbeat/sync cable between the 2 NASes so there is NO reason to need to have .2 or .3 available on the network. If I was able to in pfSense, I want to be able to put both MAC addresses in and assign it the 10.0.28.1 floating IP. I know that only 1 will ever be visible and active on the network, so technically there shouldn't be a problem.
Now, I understand if this is the wrong thing to do if one wants to stick to the rules 100%. In saying that, I would like to stick to the rules too and try to do things the right way now I am moving from Tomato to pfSense setups. I'm learning something new so I may as well refine my methods also.
So if there is a better way to go about it then please share. At this stage I can only set the NAS shared IP to a static setup, but is there a way or even a need to register that in any way in pfSense, for maybe the internal DNS for example?
-
@eangulus said in Multiple MAC to single IP:
But understand that most people who venture into pfSense world, are coming from Tomato
I'm not sure how you can make that statement. Nobody ever mentions Tomato around here, and I've been here for 6 years.
Is there an actual problem you are having with this scenario? I read your post three times and couldn't find anything that's giving you problems. pfSense works primarily at the IP level, not MAC. I would assume that the virtual IP for your HA rig uses the MAC of the active node, no? All clients on the network get their ARP tables updated via broadcast, so they should have no trouble finding the right node via the HA IP address.
-
In the Cisco world I would have disabled MAC learning so that the MAC needs to be relearnt a lot, that way it would pick up the MAC change from the NAS, so maybe what you are looking for is to either disable ARP caching for that IP or have a really low ARP timeout.
Not sure what impact on speeds etc. these might have or if possible from within pfSense but it sounds like what you want.
-
So I had a look at how sysctl is set up for ARP caching.
The CLI command:
sysctl -n net.link.ether.inet.max_age
Gives:
net.link.ether.inet.max_age: 1200
So that means that an ARP value will stay in cache for 20 minutes. To change to 20 seconds:
sysctl -w net.link.ether.inet.max_age=20
Once you reboot it will get reset.
Maybe test with that and see if it is along the lines of what you want to do. Otherwise I've completely misunderstood and should be ignored.
** I have no idea on what impact doing this would have on the performance of your device **
Reference:
https://www.freebsd.org/cgi/man.cgi?query=arp&apropos=0&sektion=4&manpath=FreeBSD+11.3-RELEASE&arch=default&format=html
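-
An added example, not part of any post in this thread: a POSIX sh check that reads FreeBSD-style `arp -an` output and reports whether the floating IP 10.0.28.1 currently resolves to one of the two NAS MACs, which separates a normal HA failover from an unexpected MAC claiming the address. The two MAC addresses, the interface name em1 and the sample ARP lines are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: placeholder MACs, FreeBSD `arp -an` line layout.
VIP="10.0.28.1"
ALLOWED_MACS="02:00:00:00:28:02 02:00:00:00:28:03"   # constructed: the two NAS NICs

# Constructed sample of `arp -an` output (not captured from a real system).
sample_arp() {
    cat <<'EOF'
? (10.0.28.254) at 02:00:00:00:28:fe on em1 permanent [ethernet]
? (10.0.28.1) at 02:00:00:00:28:02 on em1 expires in 17 seconds [ethernet]
? (10.0.28.9) at (incomplete) on em1 expired [ethernet]
EOF
}

# check_vip_arp: reads `arp -an` lines on stdin and prints one verdict:
#   ok <mac>          VIP maps to one of the expected NAS MACs
#   unexpected <mac>  VIP maps to a MAC outside the allowlist
#   conflict <macs>   VIP is cached with more than one MAC
#   missing           no resolved entry for the VIP
check_vip_arp() {
    awk -v vip="$VIP" -v allowed="$ALLOWED_MACS" '
        BEGIN {
            n = split(tolower(allowed), a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Field 2 is "(ip)", field 4 is the MAC or "(incomplete)".
        $2 == ("(" vip ")") && $3 == "at" {
            mac = tolower($4)
            if (mac == "(incomplete)") next
            if (!(mac in seen)) {
                seen[mac] = 1
                list = list (count ? "," : "") mac
                count++
            }
        }
        END {
            if (count == 0)      print "missing"
            else if (count > 1)  print "conflict " list
            else if (list in ok) print "ok " list
            else                 print "unexpected " list
        }'
}

# On the firewall: arp -an | check_vip_arp
sample_arp | check_vip_arp
```

With a short `net.link.ether.inet.max_age`, the verdict after a failover should move from one allowed MAC to the other; `unexpected` or `conflict` is the case worth alerting on.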