CARP Sync failing ESX



  • I have tried everything. I have blown away both firewalls and upgraded to 1.2.1 today, and I'm still getting the Error Code 2.

    Here is my setup:

    2 ESX boxes running 2 port Groups (VLANS)
    Both connect to a 3COM Switch
    VLAN1 is Internal
    VLAN2 is External

    Firewall1 is on ESX1
    Firewall2 is on ESX2

    There is only 1 NIC that connects the ESX server to the 3COM Switch using 802.1Q trunks

    Is there a known issue with this type of setup?

    I did a packet capture and was getting retrans only between the Firewalls, other than the CARP/Sync issue everything else works great!

    Thanks



  • You need to enable promiscuous on the port in ESX for CARP to function.



  • Here is the command. Got the CARP working, THANKS! However, it still won't sync.

    echo "PromiscuousAllowed yes" > /proc/vmware/net/vmnic0/config

    Thanks



  • Bill Marquette, one of our devs, just set up CARP in ESX earlier today. He had to "disable some security settings" to make it work, not sure of details. He said he just turned off all the security related settings and it worked, didn't know which exactly were required.



  • If you can get me a list of the Security settings he turned off that would be great.

    The CARP works for a while, then I lose connection to both firewalls; both the CARP IP goes away and the LAN IP… I have to restart the firewall to get it back. Even if I turn one firewall off, it will still die if I don't disable CARP... I can still connect to other devices on the ESX servers, so it isn't shutting the port entirely.

    Thanks
    LS



  • I re-installed 1.2 and the weird lockup issue went away. CARP is working great, however SYNC'ing still doesn't work. ??? The states table syncs but nothing else.

    So my main issue has been corrected, as I don't have a single point of failure. However, I would like the configs to sync so anytime I make a change I don't have to remember to make it to my "Backup".

    Not sure where else to look for the problem, would uploading a packet capture or config help someone troubleshoot this further?

    Thanks

