VMWARE ESX 3.5 / vSwitch w/ 2 Physical NICs / CARP / PFSense 1.2.3

carpenike

Hello,

I've posted this on the VMWare forum here:

http://communities.vmware.com/thread/216153

Haven't yet received a response from anybody there and was hoping someone here would have something to help me with. I've got two ESX Servers running version 3.5U4 fully updated via Update Manager as of today. Each server has two physical NICs in a vSwitch and each vSwitch has several port groups that access different network segments via VLAN trunking (Internal LAN, Public LAN, etc). When I setup CARP between two fresh pfsense routers I'm not able to get the interface to come up (both sides are in the "Backup" state) unless I remove all interfaces except for 1. I can't exclude it from the port groups, or even set it as unavailable to the vSwitch, i have to remove it entirely from the vSwitch. It doesn't matter where the VMs are (on the same server or not). Promiscuous mode has been enabled at the vSwitch layer as well.

Any thoughts?

Looking to replace an ISA server with two pfsense nodes running in CARP mode with two Nginx servers behind them performing reverse proxying to our development servers… All fault tolerant. :)

Thanks,
Ryan

carpenike

Will also mention, i've tried both Alpha releases (7.2 and 8.0) and had the same issue.

From what I've read this seems to be an issue with CARP in general on standard BSD VMs as well.

Thanks,
Ryan

bards1888

I have a very similar setup working well.

How did you setup your carpdev stuff ?

can you show us your 'carp status' and 'Virtual IP's' from within pfsense ?

carpenike

Here's the screenshots:

Master CARP

Master VIP

Slave CARP

Slave VIP

carpenike

Also, another note… When i initially configure the CARP interface, the Master side will show up as "Backup" but the Slave side will show up, "Disabled". Once I click "Enable CARP" on the carp status screen of the slave node both sides show up as "Backup".

cmb

Known issue with CARP in some circumstances, cause described here:
http://forum.pfsense.org/index.php/topic,13434.msg92214.html#msg92214

quentin

Hi,

I met the same problem as described. In my case it was with vSphere 4, but both CARPs stayed in backup also.
The problem was caused because the vSphere-server used NIC-teaming. This is a VMWare-issue. If you do not use NIC-teaming or NIC-failover it works great.

Best regards,

Quentin

carpenike

@quentin:

Hi,

I met the same problem as described. In my case it was with vSphere 4, but both CARPs stayed in backup also.
The problem was caused because the vSphere-server used NIC-teaming. This is a VMWare-issue. If you do not use NIC-teaming or NIC-failover it works great.

Best regards,

Quentin

Ah that sucks. I was hoping it would go away in vsphere4. Oh well. Thanks!

ITCoresys

CARP and vSphere working fine here.

Maybe my trick of using static 802.3ad with vSphere did the trick?

Too bad VMWare still doesnt do LACP :(

ynguldyn

In case people still experience this issue (I did very recently), I made a writeup of the solution:

http://sysadminadventures.wordpress.com/2010/03/22/fixing-vm-based-pfsense-carp-announcement-echoes-when-using-teamed-network-adapters/