CARP IPv6 /127 not working



  • Our ISP gives us a /127 "glue" subnet for IPv6 connectivity. I'm trying to set this up as a CARP VIP for HA.

    I've successfully configured CARP for IPv4 (including for one ISP that also gives us only one public IP).

    I assigned IPv6 local IPs (e.g., fd38:bbde:9c4b:e7db::1 and fd38:bbde:9c4b:e7db::2) as the primary IPv6 static IPs on the interfaces, since some address seems to be required to get IPv6 enabled for an interface.

    Once I do that, I can also add my IPv6 VIP. It shows up properly in the CARP status page, and I see it in the ifconfig output on the CLI, too. I can even ping IPv6 addresses successfully, from the primary router.

    The problems start arising once I reboot the primary router. The secondary appears to take over (the IPv6 IP shows as the "MASTER" on the CARP status page), however, that address appears nowhere in the ifconfig output for that interface on the CLI.

    Furthermore, once the primary comes back online, the IPv6 IP does not switch back properly to the primary (this works fine for all the IPv4 IPs, including the one on the same interface). In fact, the CARP status page shows that both routers think they are the MASTER (but again, only for the IPv6 IP, the IPv4 CARP VIP on the same interface works just fine).

    What am I doing wrong? Or is this a bug?

    ifconfig output from primary (failed state, after reboot):

    ix0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=e400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether aa:bb:cc:dd:ee:ff
    	hwaddr aa:bb:cc:dd:ee:ff
    	inet6 fe80::aabb:ccff:feb4:3010%ix0 prefixlen 64 scopeid 0x1 
    	inet6 fd38:bbde:9c4b:e7db::1 prefixlen 64 
    	inet6 2600:b000:0:7::g:39c7 prefixlen 127 vhid 5 
    	inet 70.60.50.171 netmask 0xfffffff8 broadcast 70.60.50.175 
    	inet 70.60.50.173 netmask 0xfffffff8 broadcast 70.60.50.175 vhid 2 
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect (1000baseT <full-duplex>)
    	status: active
    	carp: MASTER vhid 2 advbase 1 advskew 0
    	carp: MASTER vhid 5 advbase 1 advskew 0
    

    ifconfig output from secondary (failed state, after reboot):

    ix0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=e400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether aa:bb:cc:dd:ee:fe
    	hwaddr aa:bb:cc:dd:ee:fe
    	inet6 fe80::aabb:ccff:feb4:1be8%ix0 prefixlen 64 scopeid 0x1 
    	inet6 fd38:bbde:9c4b:e7db::2 prefixlen 64 
    	inet 70.60.50.172 netmask 0xfffffff8 broadcast 70.60.50.175 
    	inet 70.60.50.173 netmask 0xfffffff8 broadcast 70.60.50.175 vhid 2 
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect (1000baseT <full-duplex>)
    	status: active
    	carp: BACKUP vhid 2 advbase 1 advskew 100
    	carp: MASTER vhid 5 advbase 1 advskew 100
    


  • I think I'm at least partially encountering this bug, which I updated with what I'm seeing: https://redmine.pfsense.org/issues/6579


Log in to reply