VIP persisting after removal

pstine

I have a situation where an old (removed) VIP is continuing to be broadcast as being available on the WAN interface. Looking at the ARP table of the WAN switch the IP appears with the MAC of the WAN interface.

The old VIP has been removed from pfsense (doesn't show up in the VIP listing, ifconfig or the arp table) but is showing up in the WAN switch ARP table (even after being removed from the WAN switch ARP table.)

If it matters, the IP in question used to the the IP of the WAN interface before the WAN interface was re-addressed (on the same subnet.)

It isn't really effecting anything right now, it just shows up as Used-Unmanaged in Infoblox and offends my sensibility.

Any ideas where this old setting might be lurking in pfsense and how to (permanently) remove it?

Thanks

pstine

I should add that it persists between reboots and complete system halts.

Derelict

grep -C10 -n ip_address_in_question /cf/conf/config.xml

??

pstine

@Derelict said in VIP persisting after removal:

grep -C10 -n ip_address_in_question /cf/conf/config.xml

No content returned.
Tested the grep against a known VIP and expected content was returned.

I've searched for the VM against the MAC and it returned the firewall vm.
Get-VM | Get-NetworkAdapter | Where {$_.MacAddress -eq “00:50:56:xx:yy:zz”} | Select-Object Parent,Name,MacAddress

I've searched for the IP address and nothing was returned.
Get-VM * |where-object{$_.Guest.IPAddress -match "www.xxx.yyy.zzz"}

The VIP in question is not listed in the firewall IP addresses whereas the other VIPs are.

Thanks

Derelict

The VIP in question is not listed in the firewall IP addresses whereas the other VIPs are.

Is the VIP listed in netstat -rn on the firewall? If not, something else is responding there.

What kind of VIP was it?

What was the netmask?

pstine

Not listed in netstat -rn result. All the other VIPs for the WAN interface show up in the result.

Originally, I believe, it was the IP of the WAN interface (.181). A few months back, the WAN interface was re-addressed to .187
The netmask in 255.255.255.192
The gateway is at .129
The MAC reported by the switch ARP table is the same as that of the WAN interface.

I find it hard to imagine that the .181 address is being broadcast from some other device when it is broadcasting the same MAC address as the firewall.

Certainly very odd.

I have considered assigning the .181 IP to a new virtual machine, outside the firewall, to see what effect that has on the switch ARP table. Perhaps that will clear it - or, I guess, create a problem in the table.

pstine

I created a new vm, assigned the offending IP to that VM, let it hang out for a day, deleted the VM and the DNS records in Infoblox. Finally, after the weekend the record has cleared in Infoblox and presumably the switch.

Switch weirdness in the end, I suppose.

Thanks to Derelict for the suggestions in trying to track this down.