CARP, HA, pfsense, and Switches

purduephotog

Good Evening-

I have another piece of software that utilizes CARP on two interfaces to maintain HA, similar to pfSense. Unfortunately I have a $4000 netgear M4300 that apparently does not support the protocol (support says it breaks their CPU), and Cisco just told me that their SG350 series does not support CARP either.

Given that- what the heck are you all running switch wise that allows you to work with CARP? Because I'm getting pretty desperate here that I can't exactly propose a solution for CARP if I don't have anything to plug it into.

Going to try reddit too in hopes of garnering an answer in 12 hours or less. Contract funding ending.

~J

netblues

@purduephotog said in CARP, HA, pfsense, and Switches:

SG350

Can you please elaborate on where exactly the managed switch make or sw comes into play as far as carp on pf is concerned? Runs everywhere from unmanaged to cheap switches with no issues.

Derelict

Just tell them it's VRRP, not CARP. If it works for VRRP, it'll work with CARP.

Please let me know when Cisco says their switches don't support VRRP.

purduephotog

@netblues I'm going to be putting pf into the mix as well, and be setting it up for CARP. Since I've lost a ton of time on this and am getting really contradicting info, I'm trying to figure out which sweetish I can go buy that will work.

purduephotog

@netblues The word from Netgear was "It overloads the CPU and isn't supported". And I've spent a ton of hours trying to figure out why the individual NICs are pingable, but the HA interface isn't. So before I drop another couple of grand on a switch, I want to know what is supported or not.

Derelict

All it has to support is Multicast and it needs to change the MAC address table based on the CARP advertisements as any switch should. Not really sure what Netgear is talking about. If processing one multicast frame per second per VLAN overloads the CPU you probably don't want that switch anyway.

Most switches have no issues processing it.

Some ISP devices with a built-in switch have problems with the multicast, moving the MAC from port to port, etc.

SteveITS

@purduephotog said in CARP, HA, pfsense, and Switches:

before I drop another couple of grand on a switch

Can you try a cheap "dumb" switch first? We have pfSense HA/CARP setups on a three year old 10 Gbit Netgear at our data center, and at a client that I think is just connecting to the switch in their Comcast router.

I started to reply about pfSense but it sounds like you are saying your question is actually about different software...

purduephotog

@teamits said in CARP, HA, pfsense, and Switches:

Can you try a cheap "dumb" switch first? We have pfSense HA/CARP setups on a three year old 10 Gbit Netgear at our data center, and at a client that I think is just connecting to the switch in their Comcast router.

I'm actually having this problem on a different piece of software, but I intend to put pfSense on it so I'll have the same issue. Which is why I'm trying to figure out what works for pfSense so I can make it work for both.

Interesting. I'm trying to get a dumb 10gbe switch but they don't exist. I might just go grab a cheap one and plug it in.

SteveITS

@purduephotog said in CARP, HA, pfsense, and Switches:

dumb 10gbe switch but they don't exist

No they do not. :) I was thinking any old 5 port gigabit switch would work for testing purposes. I think the point we're collectively trying to make is there shouldn't be special requirements for a switch for this to work.

Derelict

Switches have to try pretty hard to break CARP/VRRP.

purduephotog

@teamits yeah. It should just work. It doesn't tho... And it's really messing up my holiday giving spirit.

I should've just did it all myself. No outside vendor. Sigh.