CARP/HA VMWARE ESXi 6.0.0 - Breaking HA after latest ESX patching ....

  • Hi all, I hope someone here can help me, because I ran in to a nightmare today when patching ESX 6.0. I have a cluster of ESXi 6.0.0, 10719132 machines. For the longest time, I've been chugging along with dual pfsense HA boxes running CARP. I have promisc mode enabled, and the Net.ReverseProsCheck set to 1 on all the ESXi hosts.

    Today, I tried to upgrade to ESXi 6.0.0, 14513180. Two of my hosts completed the upgrade (there are 10 in the cluster). My primary VM migrated back to one of the hsots running 14513180, and everything went to hell. I started seeing packet loss. Not compete failure, but 70-80% packet loss.

    When I migrate the primary pfsense off the upgraded hosts, everything goes back to normal.

    So there is clearly SOMETHING about the new update that is causing some major heartburn.

    I did check for kicks, and I do have MAC forg and MAC changes also set to accept, so that clearly isn't what is causing the problem. I tried moving the primary VM to both of the machines that are on 14513180, and it responds the same way on both. So it's definitely not limited to a single esx host. I also did try looking at both firewalls while in this state, and the primary still shows MASTER, and the second unit shows BACKUP, so it's not a case of both units going in to MASTER mode.

    I'm completely at a loss, and would love any help or suggestions anyone may have.

  • @zimmy6996 said in CARP/HA VMWARE ESXi 6.0.0 - Breaking HA after latest ESX patching ....:


    Hey there Zimmy, i am setting up a similar setup within my vmware environment for HA, i have a couple questions for you. 1. where can i find the Net.ReverseProsCheck setting on my host? 2. on your secondary (slave) pfsense vm node did you configure all of the interfaces with an ip or only config the lan and carp interfaces. for example my primary pfsense has about 8 different networks: lan/wifi/wan/sonos/etc do i need to recreate all of these interfaces and set them with a static ip on the secondary box? Thank you in advanced any bit of guidance you can provide would be greatly appreciated.

Log in to reply