CARP Sync failing ESX
I have tried everything. I have blown away both firewalls and upgraded to 1.2.1 today, and I am still getting Error Code 2.
Here is my setup:
2 ESX boxes running 2 port Groups (VLANS)
Both connect to a 3COM Switch
VLAN1 is Internal
VLAN2 is External
Firewall1 is on ESX1
Firewall2 is on ESX2
There is only 1 NIC that connects the ESX server to the 3COM Switch using 802.1Q trunks
Is there a known issue with this type of setup?
I did a packet capture and was getting retrans only between the firewalls. Other than the CARP/sync issue, everything else works great!
You need to enable promiscuous on the port in ESX for CARP to function.
Here is the command. Got the CARP working, THANKS! However, it still won't sync.
echo "PromiscuousAllowed yes" > /proc/vmware/net/vmnic0/config
Bill Marquette, one of our devs, just set up CARP in ESX earlier today. He had to "disable some security settings" to make it work, not sure of details. He said he just turned off all the security-related settings and it worked, didn't know which exactly were required.
If you can get me a list of the Security settings he turned off that would be great.
The CARP works for a while, then I lose connection to both firewalls; both the CARP IP goes away and the LAN IP… I have to restart the firewall to get it back. Even if I turn one firewall off, it will still die if I don't disable CARP... I can still connect to other devices on the ESX servers, so it isn't shutting the port entirely.
I re-installed 1.2 and the weird lockup issue went away. CARP is working great, however syncing still doesn't work. ??? The states table syncs but nothing else.
So my main issue has been corrected, as I don't have a single point of failure. However, I would like the configs to sync so that anytime I make a change I don't have to remember to make it to my "Backup".
Not sure where else to look for the problem. Would uploading a packet capture or config help someone troubleshoot this further?