Netgate Discussion Forum
    Slow connection using CARP interface

      maguiar

      Hello everybody

      My installations of pfSense 2.4.4-p3 work very well with CARP/HA, SYNC and XMLRPC.

      The problem is in the internet transfer rates. When using the outbound NAT of the CARP WAN interface, rates are around 4 Mbps download and 9 Mbps upload.

      If I use the IP of the local WAN interface in the NAT configuration, the speed is as expected; rates are around 60 Mbps download and 90 Mbps upload.

      When the parent pfSense is shut down, the secondary pfSense starts working, but the problem persists.

      For testing purposes, I removed the CARP/HA configuration and added the secondary IP before that associated with CARP on the WAN interface and obtained the same satisfactory result in the two NAT output situations.

      In this cluster we have another public connection with the internet and we do not have problems of speed.

      Clearly the problem is related to the CARP/HA of this interface/connection.

      Both pfSense instances are installed on two different VMware ESXi hosts, but I have already tested with both VMs on the same ESXi host, with the same issue.

      VLANs and switches appear to be within the standards.

      Rate transfer using WAN CARP interface

      Rate transfer using WAN local interface

        Derelict LAYER 8 Netgate

        There is nothing special about CARP/HA here. It's all just MAC addresses, IP addresses, and ARP. If there is something being treated differently about it, it must be upstream in your environment.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          input1

          Do you still have the problem on pfSense CARP?

            pfsenseuser2020 @Derelict

            @Derelict I have the exact same problem! When CARP exists, upload is poor. If I delete it, upload is at full speed.

              Derelict LAYER 8 Netgate

              Look at your upstream. It's not pfSense in all likelihood.

                pfsenseuser2020

                The upstream without the pf is normal. Furthermore, it is normal without CARP.

                  Derelict LAYER 8 Netgate

                  Then you will need to figure out what your upstream does not like about the second MAC address.

                    input1

                    PROBLEM SOLVED! After a couple of days of calling the internet provider and describing the issue, they installed a new router at my company. From the beginning, the problem was associated with WAN routing when using 'carp' and virtual MAC address handling.

                      pfsenseuser2020

                      Cool. So what was the actual solution? How did they deal with the MAC handling?

                        Derelict LAYER 8 Netgate

                        Many times it is something like switch port security only allowing one MAC address per port or other similar things.

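
A check for the "second MAC address" discussed in the replies above, as an added example that is not part of the original thread: it counts the source MACs a firewall presents on its WAN port in `tcpdump -e -n` output and flags CARP virtual MACs, which take the form 00:00:5e:00:01:<VHID>. The capture lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# CARP reuses the IANA VRRP MAC prefix; the last octet is the VHID.
CARP_PREFIX = "00:00:5e:00:01:"
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME_RE = re.compile(rf"^\S+ (?P<src>{MAC}) > (?P<dst>{MAC}),", re.I)

# Constructed `tcpdump -e -n` lines for a WAN interface (not from the thread).
SAMPLE_CAPTURE = """\
12:00:01.000100 00:50:56:aa:bb:01 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 198.51.100.10.50000 > 203.0.113.7.443: tcp 0
12:00:01.200000 00:00:5e:00:01:01 > 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: 198.51.100.10 > 224.0.0.18: CARPv2-advertise 36: vhid=1
12:00:01.300000 00:11:22:33:44:55 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 74: 203.0.113.7.443 > 198.51.100.12.50001: tcp 0
12:00:02.200000 00:00:5e:00:01:01 > 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: 198.51.100.10 > 224.0.0.18: CARPv2-advertise 36: vhid=1
"""


def carp_vhid(mac):
    """Return the VHID encoded in a CARP virtual MAC, or None for any other MAC."""
    mac = mac.lower()
    if mac.startswith(CARP_PREFIX):
        return int(mac[len(CARP_PREFIX):], 16)
    return None


def port_report(capture, gateway_mac, max_macs=1):
    """Summarise the source MACs sent by the firewall side of the link.

    gateway_mac is the upstream router's MAC; its frames arrive from the
    other side of the link, so they are not counted against the port.
    max_macs models a per-port MAC limit such as switch port security.
    """
    counts = Counter()
    for line in capture.splitlines():
        m = FRAME_RE.match(line.strip())
        if m and m.group("src").lower() != gateway_mac.lower():
            counts[m.group("src").lower()] += 1
    virtual = {mac: carp_vhid(mac) for mac in counts if carp_vhid(mac) is not None}
    return {
        "source_macs": sorted(counts),
        "carp_virtual": virtual,
        "exceeds_limit": len(counts) > max_macs,
    }


if __name__ == "__main__":
    print(port_report(SAMPLE_CAPTURE, gateway_mac="00:11:22:33:44:55"))
```
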