Netgate Discussion Forum

    Static Routes using CARP/VIP

      Matt_Sharpe

      Hello Guys,

      Just testing some static routing but using a CARP/VIP. Something doesn't agree with it. I can set up my lab with the same IP and routing between sites works fine, but if I try and route from Site B to Site A pointing the route at the pfSense CARP, it doesn't like it.

      If I revert the route config to point at the non-CARP IP, it works again.

      Any ideas?

        viragomann @Matt_Sharpe

        @Matt_Sharpe said in Static Routes using CARP/VIP:

        but if I try and route from Site B to Site A pointing the route at the pfSense CARP, it doesn't like it.

        What does this mean?
        What's the issue?

        For routing traffic, it doesn't matter if the gateway IP is a primary interface address or a virtual one.
        The only requirement is that the gateway is within the own subnet. Maybe the CARP VIP isn't?

          Matt_Sharpe @viragomann

          @viragomann I have a static route configured on firewalls (Site A <> Site B) for example.

          Site A is a pfSense.
          Site B is an NSX Edge at present.

          If I configure the static route on the NSX Edge to point to the CARP IP address on the pfSense, the routing doesn't work; nothing shows in packet capture etc.
          If I configure the static route on the NSX Edge to point to the firewall IP/non-CARP IP that lives on the firewall, the routing works and I get ICMP traffic.

          So when the Site B firewall tries to route to a CARP IP address target, it doesn't work...

            viragomann @Matt_Sharpe

            @Matt_Sharpe
            Possibly the NSX Edge is not compatible with CARP.
            There might be configuration options to make it co-operable though. Could be called "MAC spoofing" or the like.

            Anyway, for a CARP VIP the MAC address changes. Request packets go to the virtual MAC, while response packets come from the hardware MAC. Devices communicating with CARP VIPs have to accept this, but often don't by default.

              Matt_Sharpe @viragomann

              @viragomann The plan is going to be pfSense to pfSense in this configuration. Do you know if there is a pfSense configuration to allow this to work with CARP?

              Just set up a PF<>PF lab. It routes with non-CARP IP addresses, but doesn't work again with CARP.

                viragomann @Matt_Sharpe

                @Matt_Sharpe
                I'm not aware of an issue in pfSense with this.
                However, if there is a switch or a vswitch (in case one is virtualized) in between both routers, you possibly have to allow MAC changes on these devices.
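
The MAC behaviour described in viragomann's replies above (requests addressed to the CARP virtual MAC, replies sourced from the hardware MAC) can be checked in a capture taken with link-layer headers. This is an added example, not part of the original thread; the capture lines, addresses, VHID and function names are constructed assumptions for a lab.

```python
import re

# Constructed sample in the style of `tcpdump -e -n` ICMP output (not from the thread).
# Assumed lab values: VHID 1, CARP VIP 10.0.0.1, peer router 10.0.0.2.
SAMPLE = """\
12:00:01.000001 00:50:56:aa:bb:02 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 98: 10.0.0.2 > 10.0.0.1: ICMP echo request, id 1, seq 1, length 64
12:00:01.000450 00:50:56:aa:bb:01 > 00:50:56:aa:bb:02, ethertype IPv4 (0x0800), length 98: 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 1, seq 1, length 64
12:00:02.000003 00:50:56:aa:bb:02 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 98: 10.0.0.2 > 10.0.0.1: ICMP echo request, id 1, seq 2, length 64
12:00:02.000470 00:50:56:aa:bb:01 > 00:50:56:aa:bb:02, ethertype IPv4 (0x0800), length 98: 10.0.0.1 > 10.0.0.2: ICMP echo reply, id 1, seq 2, length 64
"""

# Source MAC, destination MAC, source IP and destination IP of an IPv4 frame.
# Matches port-less lines such as ICMP; TCP/UDP lines carry a port suffix.
FRAME = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 "
    r"\(0x0800\), length \d+: (?P<sip>[\d.]+) > (?P<dip>[\d.]+): ",
    re.IGNORECASE,
)

def carp_virtual_mac(vhid):
    """Return the CARP virtual MAC for a VHID: 00:00:5e:00:01:<vhid in hex>."""
    if not 1 <= vhid <= 255:
        raise ValueError("VHID must be between 1 and 255")
    return "00:00:5e:00:01:%02x" % vhid

def summarize(capture, vhid, vip):
    """Count frames sent to the VIP per destination MAC; collect reply source MACs."""
    vmac = carp_virtual_mac(vhid)
    to_vmac = to_other = 0
    reply_src = set()
    for line in capture.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # skip anything that is not a port-less IPv4 frame line
        if m["dip"] == vip:
            if m["dmac"].lower() == vmac:
                to_vmac += 1
            else:
                to_other += 1
        elif m["sip"] == vip:
            reply_src.add(m["smac"].lower())
    return {
        "virtual_mac": vmac,
        "to_virtual_mac": to_vmac,
        "to_other_mac": to_other,
        "reply_source_macs": sorted(reply_src),
        "replies_from_virtual_mac": vmac in reply_src,
    }
```

Running `summarize(SAMPLE, vhid=1, vip="10.0.0.1")` on captures from both ends of the link shows whether frames addressed to the virtual MAC arrive at all and which source MAC the replies carry, which is what a switch or vswitch MAC-change policy in the path would affect.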