Two CARP'd routers lead to broadcast storm

  • Hello,

    We have a weird scenario at one of our sites.

    We have two physical sites (Site A & Site B) connected by a LAN. Each site has two WAN connections with two pfSense routers. Each site is using CARP. Each of the two routers at each site has both WAN connections at the location coming into it as well as a link to a network switch and a link between each router for Synch.

    At Site A this has been working great for redundancy and works well.

    At Site B (configured very similarly), over time, usually 3 to 21 days, a broadcast storm will break out and the only way to stop it is to unplug the primary CARP'd router there. We never have this problem when only running on one router. The broadcast storm is usually when a user at Site A brings a laptop to Site B and a malformed packet showing their IP address being one from Site A's subnet, broadcasting on Site B's subnet.

    One thing we noticed was that Site B has its Outbound NAT translation set to Auto, not manual with each rule's translation set to use CARP's virtual IP. Would this be a cause of this odd scenario?

  • LAYER 8 Netgate

    Have to probably see a network diagram, complete with full IP addressing, subnets, and gateways and a complete description of the traffic that is causing the "storm" preferably with a packet capture.

    There should be at least four addresses on the WAN network:

    Upstream gateway
    Primary WAN interface
    Secondary WAN interface

    Traffic should be able to freely flow between any of those interfaces without issue.

    No, it is not normal to use Automatic outbound NAT in an HA configuration but it should not, in and of itself, cause the issues you say you're seeing unless something else is wrong.