Netgate Discussion Forum

Slow connection using CARP interface

HA/CARP/VIPs
    maguiar
    last edited by May 21, 2019, 12:21 PM

    Hello everybody

    My installations of pfSense 2.4.4-p3 work very well with CARP/HA, SYNC and XMLRPC.

    The problem is in the internet transfer rates. When using the outbound NAT of the CARP WAN interface, rates are around 4 Mbps download and 9 Mbps upload.

    If in the NAT configuration I use the IP of the local WAN interface, the speed is within the expected range; rates are around 60 Mbps download and 90 Mbps upload.

    When the parent pfSense is shut down, the secondary pfSense starts working, but the problem persists.

    For testing purposes, I removed the CARP/HA configuration and added the secondary IP before that associated with CARP on the WAN interface and obtained the same satisfactory result in the two NAT output situations.

    In this cluster we have another public connection with the internet and we do not have problems of speed.

    Clearly the problem is related to the CARP/HA of this interface/connection.

    Both pfSense instances are installed on two different VMware ESXi hosts, but I have already tested with both VMs on the same ESXi host, with the same issue.

    VLANs and switches appear to be within the standards.

    [Image: Rate transfer using WAN CARP interface]

    [Image: Rate transfer using WAN local interface]

      Derelict LAYER 8 Netgate
      last edited by May 21, 2019, 4:33 PM

      There is nothing special about CARP/HA here. It's all just MAC addresses, IP addresses, and ARP. If there is something being treated differently about it, it must be upstream in your environment.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

        input1
        last edited by Apr 27, 2020, 8:22 PM

        Do you still have the problem on pfsense CARP?

          pfsenseuser2020 @Derelict
          last edited by May 8, 2020, 2:26 PM

          @Derelict I have the exact same problem! When CARP exists, upload is poor. If I delete it, upload is at full speed.

            Derelict LAYER 8 Netgate
            last edited by May 8, 2020, 3:53 PM

            Look at your upstream. It's not pfSense in all likelihood.

              pfsenseuser2020
              last edited by May 8, 2020, 3:58 PM

              The upstream without the pf is normal. Furthermore, it is normal without CARP.

                Derelict LAYER 8 Netgate
                last edited by May 8, 2020, 4:05 PM

                Then you will need to figure out what your upstream does not like about the second MAC address.

                  input1
                  last edited by input1 May 8, 2020, 4:42 PM

                  PROBLEM SOLVED! After a couple of days of calling the internet provider and describing the issue, they have installed a new router at my company. From the beginning, the problem was associated with WAN routing when using 'carp' and virtual MAC address handling.

                    pfsenseuser2020
                    last edited by May 8, 2020, 5:03 PM

                    Cool. So what was the actual solution? How did they deal with the MAC handling?

                      Derelict LAYER 8 Netgate
                      last edited by May 8, 2020, 5:50 PM

                      Many times it is something like switch port security only allowing one MAC address per port or other similar things.

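Added example (not part of the thread and not Netgate code): a small Python helper for the check discussed above, listing the distinct source MACs an upstream port sees from the firewall and flagging which ones a one-MAC-per-port limit would reject. The capture lines, addresses and function names are constructed for illustration; the one protocol fact relied on is that a CARP virtual MAC has the form 00:00:5e:00:01:<VHID>.

```python
import re
from collections import OrderedDict

# CARP virtual MACs are 00:00:5e:00:01:<VHID>, one per VHID.
CARP_PREFIX = "00:00:5e:00:01:"
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
MAC_PAIR = re.compile(rf"({MAC}) > ({MAC})", re.I)

# Constructed sample in the style of `tcpdump -e -n` output (not from the thread).
SAMPLE = """\
12:00:00.000001 00:0c:29:aa:bb:01 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 198.51.100.2.40000 > 203.0.113.9.443: tcp 0
12:00:00.500000 00:00:5e:00:01:01 > 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: 198.51.100.2 > 224.0.0.18: carp
12:00:01.000002 00:0c:29:aa:bb:01 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 198.51.100.2.40000 > 203.0.113.9.443: tcp 0
"""

def carp_vhid(mac):
    """Return the VHID if mac is a CARP virtual MAC, else None."""
    mac = mac.lower()
    if mac.startswith(CARP_PREFIX):
        return int(mac[len(CARP_PREFIX):], 16)
    return None

def source_macs(capture):
    """Count frames per source MAC, keeping first-seen order."""
    seen = OrderedDict()
    for line in capture.splitlines():
        m = MAC_PAIR.search(line)
        if m:
            src = m.group(1).lower()
            seen[src] = seen.get(src, 0) + 1
    return seen

def port_security_report(capture, max_macs=1):
    """Model a port that learns MACs in arrival order, up to max_macs."""
    report = []
    for i, (mac, frames) in enumerate(source_macs(capture).items()):
        report.append({"mac": mac, "frames": frames,
                       "carp_vhid": carp_vhid(mac),
                       "over_limit": i >= max_macs})
    return report

if __name__ == "__main__":
    for row in port_security_report(SAMPLE):
        print(row)
```

Any row with `over_limit` set and a non-empty `carp_vhid` is the second MAC address to raise with whoever runs the upstream switch or router.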
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.