Netgate XG-7100 & Virual IP
-
I notice that sometimes, when I ping 192.168.3.250, a packet can pass
-
I cannot test with two XG-7100s because I only have immediate access to one.
That said I have no problems with CARP VIPs on LAN:
$ ping -c3 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.184 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.289 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.307 ms--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.184/0.260/0.307/0.054 ms
$ ping -c3 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.407 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.269 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.329 ms--- 192.168.1.2 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.269/0.335/0.407/0.056 ms
$ ping -c3 192.168.1.3
PING 192.168.1.3 (192.168.1.3): 56 data bytes
64 bytes from 192.168.1.3: icmp_seq=0 ttl=64 time=0.395 ms
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.359 ms
64 bytes from 192.168.1.3: icmp_seq=2 ttl=64 time=0.364 ms--- 192.168.1.3 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.359/0.373/0.395/0.016 ms
$ ping -c3 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
64 bytes from 192.168.1.254: icmp_seq=0 ttl=64 time=0.410 ms
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.196 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=0.199 ms--- 192.168.1.254 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.196/0.268/0.410/0.100 ms
$ arp -an
? (192.168.1.1) at 0:8:a2:e:a8:63 on en0 ifscope [ethernet]
? (192.168.1.2) at 0:0:5e:0:1:1 on en0 ifscope [ethernet]
? (192.168.1.3) at 0:0:5e:0:1:2 on en0 ifscope [ethernet]
? (192.168.1.254) at 0:0:5e:0:1:3 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]CARP issues like you are describing are almost always something funky at layer 2. You probably want to describe how you have it all connected.
-
The Interfaces -> Switches part is not synced via CARP IIRC, could it be possible you have made a configuration error on one of the two members?
-
Curious. Since they correctly show as Master/Backup when joined you must have layer 2 connectivity between them at least. I would certainly expect to be able to ping the VIP from the secondary unless you have firewall rules specifically blocking it, or not passing it.
If you rules on LAN allow pinging the LAN address rather than LAN net that would do it.Steve
-
@stephenw10 said in Netgate XG-7100 & Virual IP:
Curious. Since they correctly show as Master/Backup when joined you must have layer 2 connectivity between them at least. I would certainly expect to be able to ping the VIP from the secondary unless you have firewall rules specifically blocking it, or not passing it.
If you rules on LAN allow pinging the LAN address rather than LAN net that would do it.Steve
Except:
PPCM a day ago
I notice that sometimes, when I ping 192.168.3.250, a packet can pass
-
Maybe an open icmp state from an outbound test when that happens?
-
Maybe - generally starting a new ping doesn't match dangling states.
-
True, it would have a different ID if pinging from pfSense..
-
Thanks a lot for all your help
It is a fresh install, no rule is added
About the connection, both XG-7100 are connected on a freshly reseted switch (DELL N1524P) on the LAN network of routers (Eth4 on each of them)
Nothing special, that's why I can't understand...
-
Connect LAN-to-LAN on the 7100s (Like ETH3 - ETH3)
Connect a workstation to another LAN port on either of the firewalls (ETH4 to ETH8).
Does your problem go away?
If so, it's the Dell switch.
