Netgate Discussion Forum

    VHID already in use

      ben_uk

      With regards to this post (http://forum.pfsense.org/index.php?topic=31279.0), jimp mentions that it should be possible to use the same VHID (even if it is in use), if the broadcast domain is different.

      I tested this on a device with WAN and LAN interfaces, in entirely different subnets - but when trying to set both CARP VIPs to have a VHID of 1 - I get an error

      VHID # is already in use. Pick a unique number

      This is on a pair of 2.0.1-RELEASE firewalls.

      So it seems it's not possible to have the same VHID in use, despite the fact it is on a separate broadcast domain and interface.

      Is this just a GUI bug?

        ben_uk

        I'm not 100% privy on the rules in BSD, but from what I can gather, you can have the same VHID on different broadcast domains as per http://lists.freebsd.org/pipermail/freebsd-net/2011-June/029125.html

        Which would imply what I am seeing is a GUI bug.

        In which case, would this be a suitable fix:

        +144 /usr/local/www/firewall_virtual_ip_edit.php
        From

        
        if($vip['vhid'] == $_POST['vhid'] and $idtracker <> $id)
        
        

        To

        
        if($vip['vhid'] == $_POST['vhid'] and $idtracker <> $id and $vip['interface'] == $_POST['interface'])
        
        

        From what I see in ifconfig - it would also be necessary to use a different naming convention for vips - as at present it appears to be "vip".$_POST['vhid'] - whereas it should be something like "vip".$_POST['vhid']."_".$_POST['interface']

          ben_uk

          Okay, I just grabbed the latest copy from https://github.com/bsdperimeter/pfsense and I see that you've already made changes to this effect.

          In my release etc/inc/interfaces.inc contains

          
          $vipif = "vip{$vip['vhid']}";
          
          

          Whereas the newer release contains

          
          $vipif = "{$vip['interface']}_vip{$vip['vhid']}";
          
          

          I assume it would be possible to just adjust the code to suit these new values to permit such functionality?

            ben_uk

            An observation I've made is your newer code in GitHub still wouldn't support a situation whereby you have 2 different CARP IPs on 2 different subnets on a single interface.

            E.g. a private facing network with CARP gw and internal network with CARP gw

            The VIP interface name should be

            vip_interfacenetwork addressvhid

              ben_uk

              So in my current release, I think this would be a suitable (hack) for compatibility with the other parts of the system

              /usr/local/www/firewall_virtual_ip_edit.php

              
              ...
              		/* verify against reusage of vhids */
              		$vhid_increment = 0;
              		foreach($config['virtualip']['vip'] as $alt_vip)
              			$vhid_increment = ($alt_vip['subnet'] != $_POST['subnet'] && $alt_vip['interface'] == $_POST['interface'] && $alt_vip['vhid'] == $_POST['vhid']) ? $vhid_increment+1 : $vhid_increment;
              		$_POST['vhid'] = str_pad($_POST['vhid'], 3, "0", STR_PAD_LEFT).'_'.$_POST['interface'].'_'.$vhid_increment;
              		$idtracker = 0;
              ...
              
              <option value="<?=$i;?>" <?php if ($i == substr($pconfig['vhid'],0,3)) echo "selected"; ?>></option>
              

              /etc/inc/interfaces.inc

              
              	$vipif = "vip{$vip['vhid']}";
              	$vip['vhid'] = ltrim(substr($vip['vhid'],0,3),'0');
              
              
                ben_uk

                So I tested the previous code and it works perfectly. Allows the same VHID to be used on the same interface and other interfaces, provided the broadcast domain is different.

                And all other functions look to work just fine with the modification of the VIP/CARP interface name.

                This is just a quick hack until 2.1 becomes stable.

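Added example, not part of the original posts and not pfSense's own code: a standalone PHP sketch of the interface-scoped VHID check discussed in this thread. It assumes each interface is its own broadcast domain; the function names and the sample VIP entries are hypothetical, and the array shape only mirrors `$config['virtualip']['vip']`.

```php
<?php
// Added example: CARP VHID uniqueness scoped to the interface.
// All sample values below are constructed for illustration.

/** CARP derives the shared virtual MAC from the VHID alone. */
function carp_virtual_mac(int $vhid): string {
    if ($vhid < 1 || $vhid > 255) {
        throw new InvalidArgumentException("VHID must be 1-255, got {$vhid}");
    }
    return sprintf('00:00:5e:00:01:%02x', $vhid);
}

/** Interface name in the style of the newer interfaces.inc quoted in the thread. */
function carp_ifname(array $vip): string {
    return "{$vip['interface']}_vip{$vip['vhid']}";
}

/**
 * Return the index of an existing CARP VIP that clashes with $candidate,
 * or null if there is none. $editId is the index being edited (null when adding).
 */
function find_vhid_conflict(array $vips, array $candidate, ?int $editId = null): ?int {
    foreach ($vips as $id => $vip) {
        if ($id === $editId || ($vip['mode'] ?? '') !== 'carp') {
            continue; // skip the entry under edit and non-CARP VIPs
        }
        if ((int)$vip['vhid'] === (int)$candidate['vhid']
            && $vip['interface'] === $candidate['interface']) {
            return $id; // same VHID on the same interface: same virtual MAC
        }
    }
    return null;
}

$vips = [ // constructed sample data
    ['mode' => 'carp', 'interface' => 'wan', 'vhid' => '1', 'subnet' => '198.51.100.10'],
    ['mode' => 'proxyarp', 'interface' => 'lan', 'vhid' => '', 'subnet' => '192.168.1.50'],
];
$tests = [ // constructed candidates
    'lan, VHID 1' => ['interface' => 'lan', 'vhid' => '1', 'subnet' => '192.168.1.1'],
    'wan, VHID 1' => ['interface' => 'wan', 'vhid' => '1', 'subnet' => '198.51.100.11'],
];
foreach ($tests as $label => $candidate) {
    $hit = find_vhid_conflict($vips, $candidate);
    printf("%s -> %s (%s, MAC %s)\n", $label,
        $hit === null ? 'ok' : "conflicts with entry {$hit}",
        carp_ifname($candidate), carp_virtual_mac((int)$candidate['vhid']));
}
```

Run with the PHP CLI: the `lan` candidate passes because no CARP VIP on `lan` uses VHID 1, while the `wan` candidate is reported as conflicting with entry 0.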