Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    What should tcpdump look like?

    HA/CARP/VIPs
    3
    4
    4762
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      ace last edited by

      CARP is not working on one of the interfaces (Work ok on others).  Both master and slave FWs think they are the CARP master for this VIP.  We assume that CARP is multicast on the interface it is assigned to, not the XOVER/pfsync interfaces?

      On the master FW,

      tcpdump -i bce2 -ttt -n proto CARP

      Produces:
      1. 000999 IP 10.10.10.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 0, authtype none, intvl 1s, length 36
      1. 000999 IP 10.10.10.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 0, authtype none, intvl 1s, length 36
      1. 000996 IP 10.10.10.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 0, authtype none, intvl 1s, length 36
      1. 001000 IP 10.10.10.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 0, authtype none, intvl 1s, length 36
      1. 001000 IP 10.10.10.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 0, authtype none, intvl 1s, length 36
      1. 000999 IP 10.10.10.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 0, authtype none, intvl 1s, length 36
      1. 001001 IP 10.10.10.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 0, authtype none, intvl 1s, length 36

      On the slave fW, we get:
      1. 392001 IP 10.10.10.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 100, authtype none, intvl 1s, length 36
      1. 391999 IP 10.10.10.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 100, authtype none, intvl 1s, length 36
      1. 392000 IP 10.10.10.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 100, authtype none, intvl 1s, length 36
      1. 391999 IP 10.10.10.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 100, authtype none, intvl 1s, length 36
      1. 391998 IP 10.10.10.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 100, authtype none, intvl 1s, length 36
      1. 392003 IP 10.10.10.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 100, authtype none, intvl 1s, length 36

      What should we see if they are working correctly?

      1 Reply Last reply Reply Quote 0
      • A
        ace last edited by

        Having looked at the IF where CARP is working, both sides see the same thing, I.e. the slave "sees" the masters IP:

        1. 392001 IP 10.10.10.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 16, prio 100, authtype none, intvl 1s, length 36

        So my dump doesnt tell me anything, only that both are advertising.

        1 Reply Last reply Reply Quote 0
        • marcelloc
          marcelloc last edited by

          Did you created the rules to allow each other carp traffic?

          Can both pfsenses ping each other?

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • C
            cmb last edited by

            You should see the same on both of them. What you're seeing there shows the two can't see each other on the network. The primary's CARP should show up exactly the same on the secondary, and then the secondary won't send any CARP traffic. If it doesn't show in tcpdump, it's not getting there, even if the firewall were blocking it, it would show in tcpdump.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post