Vlan & HA
-
Any ideas anyone?...
-
Here are the steps I took for setup:

Router A (master)
create VLAN ID 10 on interface ixl0 (lan)
assign interface ixl0.10 with a static IP and enabled it.
LAN IP is 192.168.10.2/24

Router B (backup)
create VLAN ID 10 on interface ixl0 (lan)
assign interface ixl0.10 with a static IP and enabled it.
LAN IP is 192.168.10.3/24

Back to Router A
created CARP VIP
192.168.10.1/24
VHID group 9
frequency 1 / skew 0
checked router B and it synced the info except assigned a frequency of 1 and skew of 100

Set outbound NAT
Hybrid NAT
interface WAN
protocol any
source: network 192.168.10.0/24
translation address: WAN IP
checked router B and confirmed outbound NAT configs synced over

Firewall rule:
Action: Pass
ipv4
protocol: any
source: VOIP net
destination: any
port: any
checked router B and confirmed fw rule was synced.

on Router A, I enabled DHCP
pool 192.168.10.100 - 192.168.10.200
gateway 192.168.10.1
failover IP 192.168.10.3
confirmed DHCP settings synced over to router B
confirmed failover IP is 192.168.10.2

When I look at CARP status in each router, the status shows VOIP@9 192.168.10.1 as MASTER.
What am I missing?
-
@MrGamecase
It's the same as for normal networks. Your setup steps on pfSense seem all right.
So I guess the problem is outside of pfSense. That both are master indicates that the nodes don't have a working layer 2 connection.
So check the switch config, which should connect both VLAN interfaces.
-
@viragomann said in Vlan & HA:
@MrGamecase
It's the same as for normal networks. Your setup steps on pfSense seem all right.
So I guess the problem is outside of pfSense. That both are master indicates that the nodes don't have a working layer 2 connection.
So check the switch config, which should connect both VLAN interfaces.

So at the moment I'm using PROXMOX to try to get this working before we deploy this to our main network.
-
So if I trunk 2 ports on my Cisco 2960s PoE+ & plug in the LAN ports from the 2 pfSense VMs, I should see the CARP function?....
-
@MrGamecase
Yes. But it should also work on Proxmox.
Did you enable "VLAN awareness" on the Bridge?
-
Yes, VLAN awareness is enabled on the LAN port in Proxmox A & B Server. I have a VM spun up with a tag of 20 and I do not get DHCP from anything apart from the primary LAN ??.??.10.?? & only when there are no VLANs involved on the CARP.
-
@MrGamecase
Maybe you have forgotten to disable hardware checksum offloading?
-
@MrGamecase said in Vlan & HA:
Yes, VLAN awareness is enabled on the LAN port in Proxmox A & B Server. I have a VM spun up with a tag of 20 and I do not get DHCP from anything apart from the primary LAN ??.??.10.?? & only when there are no VLANs involved on the CARP.

Adding the VLAN ports to the CARP causes everything to display unknown peer state. Both master & backup flick to master on the VLAN ports.
PF Carp Master
PF Carp Backup
-
@MrGamecase this old post about HA and VLANs may still come into play... I would follow Derelict's instructions on how to bring up the VLAN for your HA.
-
@MrGamecase this old post about HA and VLANs may still come into play... I would follow Derelict's instructions on how to bring up the VLAN for your HA.

I came across this earlier but did not quite understand. I am but a simple noob when it comes down to pfSense.
When you add VLANs and interfaces to a node in a high availability pair, the changes are not synced. When you finally add the CARP VIP to the master, that is synced.
I'm sort of new to pfSense HA, but I've been spending a bit of time with it lately and this is what I have learned:
pfSense (pfsync) syncs based on the internal interface designator. These are wan, lan, and optX. It doesn't care what your pretty interface name is.
It doesn't matter if you don't use the physical, untagged interfaces. Assign them to pfSense interfaces first thing. Make each HA node match exactly.
I can indeed confirm each PFBox was made exactly the same, down to the ports assigned in Proxmox to the ports assigned in pfSense.
-
@MrGamecase
Again, did you disable hardware checksum offloading in pfSense?
-
Can confirm this on both boxes.
-
@MrGamecase
Receiving this on the logs of the second PFServer
-
OK, so scrambling round for an unused switch, I have discovered that Proxmox on its own won't do layer 2 switching.. once I plugged the 2 vPFsense into a switch they started behaving as expected....
All the CARP HA responded as primary & backup accordingly and failover works like a charm.
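
The dual-MASTER symptom diagnosed in this thread can be checked for mechanically. The following is an added example, not code from any poster or from pfSense: it compares the carp: lines of ifconfig output collected from both nodes and flags any VHID that both claim as MASTER. The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample input: "ifconfig ixl0.10" output as it might be collected
# from each node while both claim MASTER for VHID 9 (addresses from the thread).
NODE_A = (
    "ixl0.10: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500\n"
    "\tinet 192.168.10.2 netmask 0xffffff00 broadcast 192.168.10.255\n"
    "\tinet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255 vhid 9\n"
    "\tcarp: MASTER vhid 9 advbase 1 advskew 0\n"
)
NODE_B = (
    "ixl0.10: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500\n"
    "\tinet 192.168.10.3 netmask 0xffffff00 broadcast 192.168.10.255\n"
    "\tinet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255 vhid 9\n"
    "\tcarp: MASTER vhid 9 advbase 1 advskew 100\n"
)

IFACE_RE = re.compile(r"^(\S+): flags=")
CARP_RE = re.compile(r"^\s*carp:\s+(\w+)\s+vhid\s+(\d+)\s+advbase\s+\d+\s+advskew\s+(\d+)")


def parse_carp(ifconfig_text):
    """Map (interface, vhid) -> (state, advskew) for every carp: line."""
    states, iface = {}, None
    for line in ifconfig_text.splitlines():
        if m := IFACE_RE.match(line):
            iface = m.group(1)
        elif (m := CARP_RE.match(line)) and iface:
            states[(iface, int(m.group(2)))] = (m.group(1), int(m.group(3)))
    return states


def carp_findings(node_a_text, node_b_text):
    """Report VHIDs that are not in a healthy MASTER/BACKUP pair across the nodes."""
    a, b = parse_carp(node_a_text), parse_carp(node_b_text)
    findings = []
    for key in sorted(set(a) | set(b)):
        if key not in a or key not in b:
            findings.append((key, "VIP missing on one node"))
        elif a[key][0] == b[key][0] == "MASTER":
            # Neither node hears the other's advertisements: check the layer 2 path.
            findings.append((key, "dual MASTER"))
        elif "MASTER" not in (a[key][0], b[key][0]):
            findings.append((key, "no MASTER"))
    return findings


if __name__ == "__main__":
    for (iface, vhid), problem in carp_findings(NODE_A, NODE_B):
        print(f"{iface} vhid {vhid}: {problem}")
```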