Slow connection using CARP interface
My installations of pfSense 2.4.4-p3 work very well with CARP/HA, SYNC and XMLRPC.
The problem is in the internet transfer rates. When using the outbound NAT of the CARP WAN interface, rates are around 4 Mbps download and 9 Mbps upload.
If in the NAT configuration I use the IP of the local WAN interface, the speed is as expected; rates are around 60 Mbps download and 90 Mbps upload.
When the parent pfSense is shut down, the secondary pfSense starts working, but the problem persists.
For testing purposes, I removed the CARP/HA configuration and added the secondary IP before that associated with CARP on the WAN interface and obtained the same satisfactory result in the two NAT output situations.
In this cluster we have another public connection to the internet and we do not have speed problems with it.
Clearly the problem is related to the CARP/HA of this interface/connection.
Both pfSense instances are installed on two different VMware ESXi hosts, but I have already tested with both VMs on the same ESXi host, with the same issue.
VLANs and switches appear to be within the standards.
Rate transfer using WAN CARP interface
Rate transfer using WAN local interface
There is nothing special about CARP/HA here. It's all just MAC addresses, IP addresses, and ARP. If there is something being treated differently about it, it must be upstream in your environment.
Do you still have the problem on pfSense CARP?
@Derelict I have the exact same problem! When CARP exists, upload is poor. If I delete it, upload is at full speed.
Look at your upstream. It's not pfSense in all likelihood.
The upstream without the pf is normal. Furthermore, it is normal without CARP.
Then you will need to figure out what your upstream does not like about the second MAC address.
PROBLEM SOLVED! After a couple of days of calling the internet provider and describing the issue, they installed a new router at my company. From the beginning, the problem was associated with WAN routing when using CARP and virtual MAC address handling.
Cool. So what was the actual solution? How did they deal with the MAC handling?
Many times it is something like switch port security only allowing one MAC address per port or other similar things.