Help With DORA over CARP

  • Hi pfSense community,

    I have made a setup in VMware Workstation 15.5.5 build-16285975, consisting of a client (Windows 10 PC), 2 pfSense firewalls (CARP, pfsync) and 2 Windows 2016 servers (domain controllers with DHCP for the client), and it's working fine. It's all on the same network. My problem is that I am capturing packets to analyse the DORA process from the firewalls via the DHCP relay agent, which is working, because the traffic gets to the Windows 2016 servers/domain controllers and the IP is renewed on the client. But the thing is that when I capture the process and analyze it in Wireshark, I can see that the broadcast from the client isn't hitting the CARP virtual IP, but is instead hitting the LAN addresses on both firewalls and bounces between them 4-5 times before it is directed further to the DHCP server (domain controller); this happens all through the DORA process.

    Am I incorrect in assuming that the broadcast shouldn't be bounced between the 2 firewall LAN IPs and should only hit the virtual CARP IP?

    I hope it makes sense, and I hope that one or more of you can help.
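    When reading a relayed DORA exchange in a capture, the fields that answer the question above are the BOOTP `giaddr` (the relay agent's address, which the relay fills in before forwarding and which the server replies to) and `hops`, both defined in RFC 2131. The decoder below is an added example, not code from this thread or from pfSense: it parses raw DHCP payloads (the UDP payload on ports 67/68, as exported from Wireshark's BOOTP/DHCP layer) and labels each packet as a client broadcast, a relayed request, or a server reply to the relay, and lists which relay addresses appear. The sample frames, the addresses (client 0.0.0.0, firewall LAN IPs 192.168.1.2 and 192.168.1.3, DHCP server 10.0.0.10), the MAC and the transaction ID are all constructed for illustration.

```python
"""Decode DHCP (RFC 2131) payloads and classify each hop of a relayed DORA
exchange. Added example for this thread, not pfSense or Wireshark code.
All addresses, the MAC and the xid below are assumed sample values."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

DHCP_MAGIC = b"\x63\x82\x53\x63"      # cookie that precedes the option TLVs
BOOTREQUEST, BOOTREPLY = 1, 2
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def ip4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ip4_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


@dataclass
class Dhcp:
    op: int
    hops: int        # incremented by each relay agent
    xid: int
    ciaddr: str
    yiaddr: str
    siaddr: str
    giaddr: str      # relay agent address; 0.0.0.0 means not relayed
    chaddr: str
    options: Dict[int, bytes]

    @property
    def msg_type(self) -> str:
        t = self.options.get(53)  # option 53 = DHCP message type
        return MSG_TYPES.get(t[0], f"type-{t[0]}") if t else "UNKNOWN"

    @property
    def relayed(self) -> bool:
        return self.giaddr != "0.0.0.0"


def parse_dhcp(payload: bytes) -> Dhcp:
    """Parse the fixed 236-byte BOOTP header plus the TLV option area."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload (bad length or magic cookie)")
    op, _htype, hlen, hops = payload[0:4]
    xid = struct.unpack("!I", payload[4:8])[0]
    ciaddr, yiaddr, siaddr, giaddr = (ip4(payload[i:i + 4]) for i in (12, 16, 20, 24))
    chaddr = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])
    options: Dict[int, bytes] = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # END option
            break
        if code == 0:            # PAD option
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return Dhcp(op, hops, xid, ciaddr, yiaddr, siaddr, giaddr, chaddr, options)


def build_dhcp(op: int, msg_type: int, xid: int, mac: str, *, hops: int = 0,
               ciaddr: str = "0.0.0.0", yiaddr: str = "0.0.0.0",
               siaddr: str = "0.0.0.0", giaddr: str = "0.0.0.0") -> bytes:
    """Build a minimal DHCP payload; used only to construct the sample frames."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    hdr = struct.pack("!BBBBIHH", op, 1, 6, hops, xid, 0, 0)      # op..flags
    hdr += b"".join(ip4_bytes(a) for a in (ciaddr, yiaddr, siaddr, giaddr))
    hdr += chaddr + bytes(64) + bytes(128)                         # sname, file
    return hdr + DHCP_MAGIC + bytes([53, 1, msg_type]) + b"\xff"


def classify(src: str, dst: str, m: Dhcp) -> str:
    """Describe the role of one captured packet (IP src/dst plus DHCP fields)."""
    if m.op == BOOTREQUEST:
        if not m.relayed:
            return f"{m.msg_type}: client broadcast {src}->{dst} (seen by every host on the segment)"
        return f"{m.msg_type}: relayed by {m.giaddr} (hops={m.hops}) to server {dst}"
    if m.relayed and dst == m.giaddr:
        return f"{m.msg_type}: server {src} -> relay {m.giaddr}"
    return f"{m.msg_type}: delivered to client segment {src}->{dst} (giaddr={m.giaddr})"


def trace(frames: List[Tuple[str, str, bytes]]) -> List[str]:
    return [classify(s, d, parse_dhcp(p)) for s, d, p in frames]


def relays_seen(frames: List[Tuple[str, str, bytes]]) -> Set[str]:
    """Every distinct relay agent address in the capture: one per firewall that forwarded."""
    return {m.giaddr for m in (parse_dhcp(p) for _, _, p in frames) if m.relayed}


# Constructed sample capture (IP src, IP dst, DHCP payload); addresses are assumed.
XID, MAC = 0x3903F326, "00:0c:29:aa:bb:cc"
SAMPLE_FRAMES = [
    ("0.0.0.0", "255.255.255.255", build_dhcp(BOOTREQUEST, 1, XID, MAC)),
    ("192.168.1.2", "10.0.0.10", build_dhcp(BOOTREQUEST, 1, XID, MAC, hops=1, giaddr="192.168.1.2")),
    ("192.168.1.3", "10.0.0.10", build_dhcp(BOOTREQUEST, 1, XID, MAC, hops=1, giaddr="192.168.1.3")),
    ("10.0.0.10", "192.168.1.2", build_dhcp(BOOTREPLY, 2, XID, MAC, yiaddr="192.168.1.50",
                                            siaddr="10.0.0.10", giaddr="192.168.1.2")),
    ("192.168.1.2", "255.255.255.255", build_dhcp(BOOTREPLY, 2, XID, MAC, yiaddr="192.168.1.50",
                                                  siaddr="10.0.0.10", giaddr="192.168.1.2")),
]

if __name__ == "__main__":
    for line in trace(SAMPLE_FRAMES):
        print(line)
    print("relay agents seen:", sorted(relays_seen(SAMPLE_FRAMES)))
```

    In a real capture, two entries in `relays_seen` on one LAN segment means both firewalls independently relayed the same client broadcast; the relay stamps `giaddr` with the interface address it forwarded from, so this output shows directly whether the LAN addresses or the CARP VIP appear as the relay.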

  • @Gizmo_88 Well, if it is a broadcast from the client, then it is expected to reach all members on the same LAN.
    CARP interfaces are active and are monitoring each other constantly, so they WILL receive broadcasts too.
    What exactly do you mean by "bounced broadcasts" ?

  • Hi Netblues,
    Thanks for your fast response, and sorry for not answering sooner.
    I figured out my troubles after a while, and found that I needed to add 3 more VMnets (vNICs) on the firewalls and to configure those firewalls, the Windows DHCP servers and the client machine with the appropriate VMnets as well in Workstation Pro. Because I broadcast my DHCP renewal from the client into the same network and hadn't separated the network into different networks, I simply got a messy DORA exchange on the firewalls, where they would send the discover, offer, request and acknowledge between FW1 and FW2 before sending it to the DHCP servers.
