CARP Problems (Two masters)
-
Hello,
I am a professional administrator and I have a model at home with two ESXi and two virtualized PF connected to the WAN box and LAN / SYNC in Trunk with a cisco switch.
I would like to set up CARP to guarantee good network access.
I created a SYNC VLAN 20 interface for that.
I created the firewall rules for the transit of this VLAN 20.
I created a vip on the WAN and a vip on the LAN. All the pings work.
The transfer of config data is done well between the two PFsense.
Internet access from the LAN works.Problems:
- The slave PFsense immediately switches to "MASTER" mode instead of "BACKUP" on both interfaces.
- I have a high latency on the Internet connection.
Corrections made
- I activated the promiscuous mode on ESXi cards
- I unchecked the boxes "Block private networks" and "Block bogon network" on all interfaces.
- I tried with both PFsense virtual machines on the same ESXi.
The problem is still here, you can not use the Internet properly.
If you have an idea ?
Thank you
Equipment:
- 2x DELL ESXi 6.7U1
- 2x VMs PFsense 2.4.4p3
- CISCO 2960S switch
-
The SYNC interface means nothing to the MASTER/MASTER or MASTER/BACKUP status of the interfaces. MASTER/MASTER means the secondary node is not receiving the heartbeats from the MASTER on that interface.
Please read this:
https://forum.netgate.com/topic/119864/carp-ha-sync-and-xmlrpc-sync-explained
-
Hello,
I just solved my problem, thanks. SYNC interface was good, ok, but...
On the ESXi, I activated "allow forged transmits" and "MAC Address Changes" on the vSwitch concerned by CARP (WAN, LAN, DMZ...). Under ESXi 6.7 it is disabled by default (maybe 6.5 too).
The second PFSENSE immediately became backup and the latency disappeared.Since I updated to ESXi 6.7u3 and PFsense 2.4.5 -> no problem :)
-
@antoinef67 life saver! thanks!
-
@antoinef67 I registered an account just to say thank you sir, a life saver!
