VMWARE ESX 3.5 / vSwitch w/ 2 Physical NICs / CARP / PFSense 1.2.3
-
Hello,
I've posted this on the VMWare forum here:
http://communities.vmware.com/thread/216153
Haven't yet received a response from anybody there and was hoping someone here would have something to help me with. I've got two ESX Servers running version 3.5U4 fully updated via Update Manager as of today. Each server has two physical NICs in a vSwitch and each vSwitch has several port groups that access different network segments via VLAN trunking (Internal LAN, Public LAN, etc). When I set up CARP between two fresh pfsense routers I'm not able to get the interface to come up (both sides are in the "Backup" state) unless I remove all interfaces except for 1. I can't exclude it from the port groups, or even set it as unavailable to the vSwitch, I have to remove it entirely from the vSwitch. It doesn't matter where the VMs are (on the same server or not). Promiscuous mode has been enabled at the vSwitch layer as well.
Any thoughts?
Looking to replace an ISA server with two pfsense nodes running in CARP mode with two Nginx servers behind them performing reverse proxying to our development servers… All fault tolerant. :)
Thanks,
Ryan
-
Will also mention, I've tried both Alpha releases (7.2 and 8.0) and had the same issue.
From what I've read this seems to be an issue with CARP in general on standard BSD VMs as well.
Thanks,
Ryan
-
I have a very similar setup working well.
How did you set up your carpdev stuff?
Can you show us your 'carp status' and 'Virtual IP's' from within pfsense?
-
Here are the screenshots:
Master CARP
Master VIP
Slave CARP
Slave VIP
-
Also, another note… When I initially configure the CARP interface, the Master side will show up as "Backup" but the Slave side will show up as "Disabled". Once I click "Enable CARP" on the carp status screen of the slave node both sides show up as "Backup".
-
Known issue with CARP in some circumstances, cause described here:
http://forum.pfsense.org/index.php/topic,13434.msg92214.html#msg92214
-
Hi,
I met the same problem as described. In my case it was with vSphere 4, but both CARPs stayed in backup also.
The problem was caused because the vSphere-server used NIC-teaming. This is a VMWare-issue. If you do not use NIC-teaming or NIC-failover it works great.
Best regards,
Quentin
-
Ah that sucks. I was hoping it would go away in vsphere4. Oh well. Thanks!
-
CARP and vSphere working fine here.
Maybe my trick of using static 802.3ad with vSphere did the trick?
Too bad VMWare still doesn't do LACP :(
-
In case people still experience this issue (I did very recently), I made a writeup of the solution:
http://sysadminadventures.wordpress.com/2010/03/22/fixing-vm-based-pfsense-carp-announcement-echoes-when-using-teamed-network-adapters/