CARP not working? Why?



  • I followed the tutorial posted and everything is set up properly as far as I know.

    Here is the setup:
    I have 5 WAN IP's (x.x.x.98 - x.x.x.102)
    that are NAT'ed to 5 LAN (y.y.y.y) IP's

    WAN IP 1 x.98 goes to pfsense.1
    WAN IP 2 x.99 goes to pfsense.2
    WAN IP 3 x.100 goes to lan.10
    WAN IP 4 x.101 goes to lan.11
    WAN IP 5 x.102 goes to lan.12

    pfsync seems to be communicating (properly?) as all rules got transferred to the backup from the master. I have a dedicated NIC in each pfsense box that is on its own network for communicating with pfsync.

    Here is my Virtual IP setup:
    x.x.x.100/32 (vhid 100)    CARP (WAN)
    x.x.x.101/32        (vhid 101)    CARP (WAN)
    x.x.x.102/32        (vhid 102)    CARP (WAN)
    y.y.y.y.111/32 (vhid 111)    CARP (LAN)

    Here is what I see in CARP status on pfsense.1 (master):
    Interface    Virtual IP    Status
    <blank>      x.x.x.100     <blank>
    <blank>      x.x.x.101     <blank>
    carp2        x.x.x.102     MASTER
    carp3        y.y.y.111     MASTER

    Here is what is on pfsense.2 (backup):
    <blank>      x.x.x.100     <blank>
    carp1        x.x.x.101     MASTER
    carp2        x.x.x.102     BACKUP
    carp3        y.y.y.111     BACKUP

    pfsense.1 (master) ifconfig:
    carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            carp: MASTER vhid 100 advbase 1 advskew 0
    carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            carp: MASTER vhid 101 advbase 1 advskew 0
    carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            inet x.x.x.102 netmask 0xffffffff
            carp: MASTER vhid 102 advbase 1 advskew 0
    carp3: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            inet y.y.y.111 netmask 0xffffffff
            carp: MASTER vhid 111 advbase 1 advskew 0

    and pfsense.2 (backup) ifconfig:
    carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            carp: BACKUP vhid 100 advbase 1 advskew 100
    carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            inet x.x.x.101 netmask 0xffffffff
            carp: MASTER vhid 101 advbase 1 advskew 100
    carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            inet x.x.x.102 netmask 0xffffffff
            carp: BACKUP vhid 102 advbase 1 advskew 100
    carp3: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            inet y.y.y.111 netmask 0xffffffff
            carp: BACKUP vhid 111 advbase 1 advskew 100

    Does anybody have any clue what is wrong here? I am using "1.2.3-PRERELEASE-TESTING-VERSION built on Wed Feb 11 15:58:05 EST 2009" due to the need for some NIC drivers that are only in FreeBSD 7.1

    I'm out of ideas and I've been at it all night. Let's hear the suggestions!
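
Added example, not part of the original thread: a small Python check over the two `ifconfig` listings in the first post that flags any vhid claimed as MASTER by both nodes and any carp interface with no address bound. The sample text is constructed from the post (carp0 to carp2 only, flags in ifconfig's usual upper case); `parse_carp` and `audit` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample: carp0-carp2 from the two ifconfig listings in the post.
PFSENSE1 = """\
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        carp: MASTER vhid 100 advbase 1 advskew 0
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        carp: MASTER vhid 101 advbase 1 advskew 0
carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet x.x.x.102 netmask 0xffffffff
        carp: MASTER vhid 102 advbase 1 advskew 0
"""
PFSENSE2 = """\
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        carp: BACKUP vhid 100 advbase 1 advskew 100
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet x.x.x.101 netmask 0xffffffff
        carp: MASTER vhid 101 advbase 1 advskew 100
carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet x.x.x.102 netmask 0xffffffff
        carp: BACKUP vhid 102 advbase 1 advskew 100
"""

def parse_carp(text):
    """Return {vhid: {"if": name, "state": state, "inet": address or None}}."""
    out, name, inet = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"(carp\d+):", line):      # start of a new carp interface
            name, inet = m.group(1), None
        elif m := re.search(r"inet (\S+)", line):    # address line precedes "carp:"
            inet = m.group(1)
        elif m := re.search(r"carp: (\w+) vhid (\d+)", line):
            out[int(m.group(2))] = {"if": name, "state": m.group(1), "inet": inet}
    return out

def audit(nodes):
    """nodes: {host: ifconfig text}. Heuristic checks; returns {vhid: [problems]}."""
    states, problems = defaultdict(dict), defaultdict(list)
    for host, text in nodes.items():
        for vhid, c in parse_carp(text).items():
            states[vhid][host] = c["state"]
            if c["inet"] is None:
                problems[vhid].append(f"{host} {c['if']}: no address bound")
    for vhid, by_host in states.items():
        masters = sorted(h for h, s in by_host.items() if s == "MASTER")
        if len(masters) != 1:
            problems[vhid].append(f"expected 1 MASTER, found {len(masters)}: {masters}")
    return dict(problems)
```

Calling `audit({"pfsense.1": PFSENSE1, "pfsense.2": PFSENSE2})` reports vhid 100 and 101 and leaves vhid 102 clean, matching the blank rows in the CARP status tables above.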



  • Here is my Virtual IP setup:
    x.x.x.100/32    (vhid 100)    CARP (WAN)
    x.x.x.101/32        (vhid 101)    CARP (WAN)
    x.x.x.102/32        (vhid 102)    CARP (WAN)
    y.y.y.y.111/32    (vhid 111)    CARP (LAN)

    You have to set the correct subnetmask for CARP VIPs.
    Since you have (x.x.x.98 - x.x.x.102) this would be /29



  • Actually, they are all set to /32 now and working fine. I had to reboot both boxes in order for it to finally work. Any reason why you can't configure this in realtime?

    The main WAN IP is set to /24 though, which I believe is what makes it work with these individual IP's set to /32. Make sense?

    Thanks



  • This doesn't really make much sense.
    Set the subnet to what you actually have on the main WAN IP.

