Netgate Discussion Forum

    CARP Sync problem on NSX-T (VMware Cloud Director)

      skalyx

      Hello,

      We are planning to create a cluster of pfSense firewalls with High Availability (HA), which requires a virtual IP with CARP.
      The goal => have high availability for our 2 virtual pfSense nodes.

      Sadly, it does not work; we troubleshot for over 4 hours and think we cannot do anything more.

      The error is that both nodes appear as MASTER in CARP Status.
      The documentation states:

      This will happen if the secondary node cannot see the CARP heartbeat advertisements from the primary. Check for firewall rules, connectivity trouble, switch configurations. Also check the system logs for any relevant errors that may lead to a solution. If this is encountered in a Virtual Machine (VM) hypervisor environment such as VMware ESX, see Troubleshooting High Availability Clusters in Virtual Environments.

      The documentation:
      https://docs.netgate.com/pfsense/en/latest/troubleshooting/high-availability.html#both-nodes-appear-as-master
      Here is what Netgate proposes to make high availability work in a VMware vSphere environment:
      https://docs.netgate.com/pfsense/en/latest/troubleshooting/high-availability-virtual.html

      However, our virtual cloud provider has VMware Cloud Director and NSX-T.

      It is such an urgent project and we do not know what to do next.

      Do you have any ideas?

      Thanks!

        jlw52761

        You must allow for MAC Address changes, Promiscuous Mode, and Forged Transmits on the port group to the VM for any interface that uses CARP. I created a single trunk portgroup that has these settings and only use it for my pfSense box.

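To confirm the cause the documentation quote in this thread describes (the secondary not seeing the primary's CARP advertisements), the following added example, which is not from either poster or from Netgate, classifies saved output of `tcpdump -ni <interface> ip proto 112` taken on one node. The IP addresses, VHID, sample captures and result labels are constructed assumptions, and the regex assumes tcpdump's usual one-line CARP summary format.

```python
import re
from collections import Counter

# Matches the summary line tcpdump prints for a CARP advertisement
# (IP protocol 112, multicast destination 224.0.0.18).
ADVERT = re.compile(
    r"IP (?P<src>\d{1,3}(?:\.\d{1,3}){3}) > 224\.0\.0\.18: .*?\bvhid=(?P<vhid>\d+)\b"
)

def advert_sources(capture: str, vhid: int) -> Counter:
    """Count CARP advertisements per source IP for one VHID."""
    counts = Counter()
    for line in capture.splitlines():
        m = ADVERT.search(line)
        if m and int(m["vhid"]) == vhid:
            counts[m["src"]] += 1
    return counts

def diagnose(capture: str, local_ip: str, peer_ip: str, vhid: int) -> str:
    """Classify what the capturing node sees on one CARP interface."""
    seen = advert_sources(capture, vhid)
    local, peer = seen[local_ip] > 0, seen[peer_ip] > 0
    if local and not peer:
        return "peer-adverts-missing"   # the dual-MASTER cause the docs describe
    if peer and not local:
        return "healthy-backup"         # peer is MASTER, this node stays quiet
    if local and peer:
        return "adverts-arrive-but-both-advertise"  # look beyond the virtual switch
    return "no-carp-traffic"

# Constructed captures (not from the thread): 10.0.0.2 = primary, 10.0.0.3 = secondary.
SECONDARY_BROKEN = """\
12:00:01.10 IP 10.0.0.3 > 224.0.0.18: CARPv2-advertise 36: vhid=1 advbase=1 advskew=100 authlen=7 counter=1
12:00:02.50 IP 10.0.0.3 > 224.0.0.18: CARPv2-advertise 36: vhid=1 advbase=1 advskew=100 authlen=7 counter=2
"""
SECONDARY_HEALTHY = """\
12:00:01.00 IP 10.0.0.2 > 224.0.0.18: CARPv2-advertise 36: vhid=1 advbase=1 advskew=0 authlen=7 counter=1
12:00:02.00 IP 10.0.0.2 > 224.0.0.18: CARPv2-advertise 36: vhid=1 advbase=1 advskew=0 authlen=7 counter=2
"""

if __name__ == "__main__":
    for name, cap in (("broken", SECONDARY_BROKEN), ("healthy", SECONDARY_HEALTHY)):
        print(name, diagnose(cap, local_ip="10.0.0.3", peer_ip="10.0.0.2", vhid=1))
```

Run the capture on the CARP interface of each node in turn; a "peer-adverts-missing" result on either side points at the layer between the two VMs rather than at pfSense itself.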
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.