ISP required features for CARP?
We have a site in Vancouver with internet service from Shaw.
We have the required* three consecutive IPs in the same subnet.
Configuring CARP works fine on the internal and DMZ interfaces, but not on the external (all the IPs work if configured as WAN addresses). I'm guessing that this is because the ISP doesn't allow the required redirect, but I'm not sure what sort of redirect it needs…
Does anyone know what I need to ask Shaw to enable for me?
*To go off on a bit of a tangent and not wanting to sound too ungrateful, the carpdev directive has been around for ages now, we shouldn't need 3 static IPs to do CARP any more. I know it's a small percentage of us that do this regularly, but public IPs are becoming more and more scarce...
carpdev doesn't exist in FreeBSD.
There is nothing required on the ISP's side for CARP. When you're switching around between IP alias and CARP, you're putting wrong entries in the upstream ARP cache. If that's on your modem, power cycle it. Otherwise you'll have to wait hours for it to time out.
Hmm, thanks cmb. I suspected ARP caches may have something to do with it, I'm hoping it'll just work when I get to work tomorrow (ARP caches last about 4 hours iirc?)
Funny thing is that it didn't work after the initial config either and I did try a modem reboot this afternoon, so I was thinking maybe it was an ISP security thing of some kind (anti ARP poisoning? I'm getting a bit out of my depth here.)
re carpdev: That's a shame. I must be mixing up my BSDs :-$
I did find this post: http://lists.freebsd.org/pipermail/freebsd-stable/2012-February/066143.html
which suggests that it's technically possible (albeit with a different method) with 10-CURRENT. I guess pfSense is still (and probably quite rightly) using 9?
8 with 2.2 release probably going to 10.
One other thing that may bite you on cable modems, depending on the type, is the MAC address limit some enforce. That's more common with residential dynamic service and not common with business class service, but some cable modems will only allow the first X MACs they see where X is the number of "authorized" hosts you're allowed to have by the provider. Each CARP IP has a unique virtual MAC.
Oooh, does that mean that we get the feature in 2.2 then? crosses fingers
I guess I could test the MAC limit theory by turning off one of the boxes, rebooting the modem to clear the cache and then testing to see if the CARP IP works?
IIRC with Shaw your static IP assignment is on the modem and there aren't any MAC restrictions, but it's worth experimenting (I'd check packet captures instead personally).
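The two things the thread suggests checking in a WAN packet capture, as an added example that is not part of any poster's reply: how many distinct source MACs the modem sees (each CARP VHID adds a virtual MAC of the form 00:00:5e:00:01:VHID) and whether a CARP IP is still being answered in ARP with a physical MAC. The capture lines are constructed, modelled on `tcpdump -e -n` output; the MACs, the 203.0.113.x addresses, the `summarize` function and the `mac_limit` value are assumptions.

```python
import re

# CARP reuses the VRRP virtual MAC range: 00:00:5e:00:01:<VHID as hex>.
CARP_PREFIX = "00:00:5e:00:01:"
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
SRC_RE = re.compile(rf"^\S+ ({MAC}) > ", re.I)
ARP_REPLY_RE = re.compile(rf"Reply (\d+\.\d+\.\d+\.\d+) is-at ({MAC})", re.I)

# Constructed sample (placeholder MACs and documentation-range IPs).
SAMPLE_CAPTURE = """\
10:00:01.000001 00:00:5e:00:01:01 > 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: 203.0.113.2 > 224.0.0.18: CARP advertisement
10:00:01.200000 02:aa:bb:cc:dd:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 203.0.113.1 tell 203.0.113.2, length 28
10:00:01.300000 02:aa:bb:cc:dd:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 203.0.113.1 tell 203.0.113.3, length 28
10:00:02.000000 02:aa:bb:cc:dd:01 > 02:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 203.0.113.4 is-at 02:aa:bb:cc:dd:01, length 28
"""

def summarize(capture, carp_ips, mac_limit):
    """Summarize what the upstream modem sees in a WAN capture."""
    src_macs, bad_arp = set(), {}
    for line in capture.splitlines():
        m = SRC_RE.match(line)
        if not m:
            continue  # not a line with an Ethernet header
        src_macs.add(m.group(1).lower())
        reply = ARP_REPLY_RE.search(line)
        if reply:
            ip, mac = reply.group(1), reply.group(2).lower()
            # A CARP IP answered with a physical MAC points at a leftover
            # IP alias, which puts the wrong entry in the upstream ARP cache.
            if ip in carp_ips and not mac.startswith(CARP_PREFIX):
                bad_arp.setdefault(ip, set()).add(mac)
    vhids = sorted(int(mac[len(CARP_PREFIX):], 16)
                   for mac in src_macs if mac.startswith(CARP_PREFIX))
    return {
        "source_macs": sorted(src_macs),
        "carp_vhids": vhids,
        # mac_limit is a hypothetical modem limit on learned MACs.
        "over_limit": len(src_macs) > mac_limit,
        "bad_arp": {ip: sorted(macs) for ip, macs in bad_arp.items()},
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_CAPTURE, {"203.0.113.4"}, mac_limit=2))
```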