Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FreeVRRP

    Scheduled Pinned Locked Moved Virtualization
    3 Posts 2 Posters 906 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      enealDC
      last edited by

      Hi folks. I'm running pfSense on XenServer 7 where the default network switch back end is OVS. After some extensive testing and research, I have come to the disappointing conclusion that CARP won't work due to the multicast mac not being supported on OVS and I'm unwilling to change to the bridge back end (right now at least) so I was looking to see if I could instead use the FreeVRRP package.
      The package has installed correctly, but it has a dependency on ng_ether, ng_bridge, ng_socket and ng_eiface. I managed to pull these kernel module from a FreeBSD 11.1 RELEASE ISO, but ng_ether won't load (kldstat -v says it's built in). When I try to start up freevrrp, here is the error I get:

      May 20 21:14:55 fw1 freevrrpd[85534]: launching daemon in background mode
      May 20 21:14:55 fw1 freevrrpd[85861]: initializing threads and all VRID
      May 20 21:14:55 fw1 freevrrpd[85861]: reading configuration file /usr/local/etc/freevrrpd.conf
      May 20 21:14:55 fw1 freevrrpd[85861]: cannot create an eiface/ether netgraph interface: File exists
      May 20 21:14:55 fw1 kernel: xn2: permanently promiscuous mode enabled
      May 20 21:14:55 fw1 freevrrpd[85861]: ng_ether.ko is probably not loaded, use kldload ng_ether.ko before running freevrrpd
      May 20 21:14:55 fw1 freevrrpd[85861]: cannot create a virtual interface via netgraph: File exists
      May 20 21:14:55 fw1 freevrrpd[85861]: check that ng_socket, ng_ether, ng_eiface and ng_bridge are loaded

      Am I just SOL?

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        If CARP won't work neither will VRRP. They use essentially the same network functions, including the same multicast address etc.

        Not sure what you are seeing on XenServer 7 but CARP works just fine in XenServer 6.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • E
          enealDC
          last edited by

          @Derelict:

          If CARP won't work neither will VRRP. They use essentially the same network functions, including the same multicast address etc.

          Not sure what you are seeing on XenServer 7 but CARP works just fine in XenServer 6.

          Hmm… this and other threads https://forum.pfsense.org/index.php?topic=122588.0
          Suggest that they function differently. Where as CARP uses a multicast MAC VRRP uses a single virtual unicast MAC?
          Either way, I can confirm that the keepalived vrrp implementation works in my environment so I'm hopeful that freevrrp will work as well.

          Are/Were you using OVS on XenServer6? The  network switch default backend is bridge mode..

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.