Netgate Discussion Forum

    Help With DORA over CARP

      Gizmo_88

      Hi pfSense community,

      I have made a setup in VMware Workstation 15.5.5 build-16285975, consisting of a client (Windows 10 PC), 2 pfSense firewalls (CARP, pfsync) and 2 Windows 2016 servers (domain controllers with DHCP to the client), and it's working fine. It's all on the same network, 172.16.30.0. My problem is that I am capturing packets to analyse the DORA process from the firewalls via the DHCP relay agent, which is working, because the traffic gets to the Windows 2016 servers/domain controllers and the IP is renewed on the client. But the thing is that when I capture the process and analyze it in Wireshark, I can see that the broadcast from the client isn't hitting the CARP virtual IP, but is instead hitting the LAN addresses on both firewalls and bouncing between them 4-5 times before it is directed further to the DHCP server (domain controller). This happens all through the DORA process.

      Am I incorrect in assuming that the broadcast shouldn't be bounced between the 2 firewall LAN IPs and should only hit the virtual CARP IP?

      I hope it makes sense and hope that some or one of you can help.

        netblues @Gizmo_88

        @Gizmo_88 Well, if it is a broadcast from the client, then it is expected to reach all members on the same LAN.
        CARP interfaces are active and are monitoring each other constantly, so they WILL receive broadcasts too.
        What exactly do you mean by "bounced broadcasts"?

          Gizmo_88

          Hi Netblues,
          Thanks for your fast response and sorry for not answering sooner.
          I figured out my troubles, after a while, and found that I needed to add 3 more vmnets (vNICs) on the firewalls and to configure those firewalls, the Windows DHCP servers and the client machine with the appropriate vmnets as well in Workstation Pro. Because I broadcast my DHCP renewal from the client into the same network and hadn't separated the network into different networks, I simply got a messy DORA exchange on the firewalls, where they would send the discover, offer, request and acknowledge between FW1 and FW2 before sending it to the DHCP servers.
