Netgate Discussion Forum

    CARP issues

    • steve40

      Gone through 3 switches now. 1 TP-Link and two Cisco Catalyst 2960G, both reset to factory defaults running a completely vanilla out of the box config.

      • Derelict LAYER 8 Netgate

        And?

        Look at this file you sent: 1532558530465-when-its-broken.pcap

        Set a Wireshark filter for icmp

        Start at frame 183 and look through frame 212.

        When the traffic is sourced from .172 (the CARP VIP) there is no response but the traffic IS being sent.

        When the traffic is sourced from .173 (the interface address) there is a response.

        You have to figure out what is going on UPSTREAM of the firewall that causes this to be true.

        I am going to move this to the Virtualization forum because that is where I'll bet your problem is. Some setting in the hypervisor. Maybe it will only allow one active MAC address on the interface at a time or something.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
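The per-source comparison described in the reply above can be scripted. This is an added example, not part of the original post: it pairs ICMP echo requests with their replies and counts them per requesting address. It assumes a classic little-endian pcap with Ethernet framing, and the addresses 192.0.2.172 (VIP), 192.0.2.173 (interface) and 192.0.2.1 (target) are constructed stand-ins, since the thread only gives the last octets.

```python
import struct
from collections import defaultdict

def echo_stats_by_source(pcap: bytes) -> dict:
    """Map each ICMP echo requester to (requests sent, replies received)."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("expected a classic little-endian pcap file")
    stats = defaultdict(lambda: [0, 0])
    pending = set()              # (requester, target, id, seq) awaiting a reply
    off = 24                     # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Keep only Ethernet II frames carrying IPv4 with protocol 1 (ICMP).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue
        ihl = (frame[14] & 0x0F) * 4
        icmp = frame[14 + ihl:]
        if len(icmp) < 8:
            continue             # truncated ICMP header
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        icmp_type, _, _, ident, seq = struct.unpack_from("!BBHHH", icmp)
        if icmp_type == 8:                       # echo request
            stats[src][0] += 1
            pending.add((src, dst, ident, seq))
        elif icmp_type == 0 and (dst, src, ident, seq) in pending:
            pending.discard((dst, src, ident, seq))
            stats[dst][1] += 1                   # reply credited to the requester
    return {ip: tuple(counts) for ip, counts in stats.items()}

def _frame(src, dst, icmp_type, seq):
    """Constructed 42-byte Ethernet/IPv4/ICMP frame (MACs and checksums zeroed)."""
    addr = lambda ip: bytes(map(int, ip.split(".")))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0, addr(src), addr(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr + struct.pack("!BBHHH", icmp_type, 0, 0, 7, seq)

def build_sample_pcap() -> bytes:
    """Constructed capture: the VIP's pings go unanswered, the interface's are answered."""
    vip, iface, target = "192.0.2.172", "192.0.2.173", "192.0.2.1"   # documentation addresses
    frames = [_frame(vip, target, 8, 1), _frame(iface, target, 8, 1), _frame(target, iface, 0, 1),
              _frame(vip, target, 8, 2), _frame(iface, target, 8, 2), _frame(target, iface, 0, 2)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out
```

A source that shows requests sent but zero replies in a capture taken on the firewall itself means the requests left the box, so the loss is on the path beyond it.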

        • steve40

          Ok. Thanks for the reply

          Does anyone on the virtualization side have any ideas? I've done PCI passthrough via hostdev in libvirt XML and PCI stubs in GRUB. I'm under the impression that since the OS has no knowledge of the NIC card then neither does libvirt, since it's a user space app. As I posted earlier, FreeBSD sees the actual Intel chipset instead of the standard e1000 emulated chip that QEMU provides to the guest. Also, the MAC addresses that pfSense sees on the NICs are those that are hardcoded on the hardware. Additionally, the XML config has no entry for these NICs and the CentOS can't even bring them up via ifup, as the driver has never bound itself to the card.

          Maybe I'm missing something on the hypervisor side here, but I'm under the impression that standard anti-spoofing MAC address feature shouldn't apply here since libvirt is unaware of the existence of the card. Or is it?

          Thanks

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.