Netgate Discussion Forum

    Gratuitous arp from virtual IPs?

    HA/CARP/VIPs
      hcoin

      I'm seeing the same thing with a Cisco cable modem / router. The ISP says pfsense is sending a packet with the interface's MAC but the VIP's address, which they are loading into their ARP table. They are also claiming pfsense is sending a packet with the first VIP's MAC address, and the interface's IP. As a result, they send nothing. Just started happening a week ago with no change I know about to pfsense.

        hcoin

        Here's the culprit:

        http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2011-10/msg00229.html
        "CARP arp replays with wrong src mac"  / CARP arp replies with wrong src mac

        I'm now working on major rewrite of CARP for FreeBSD 10, and
        I'd like to take all related PRs.

        http://www.freebsd.org/cgi/query-pr.cgi?pr=141023

        In the case of all Cisco routers sent out there by Mediacom. It used to work, it worked two weeks ago, now it doesn't work. The guy who works the NOC desk at Mediacom doesn't read the RFC, he just complains about alarms going off. In the end, I just need it to work.

          roemel

          Hi

          I have the same issue. I've now adapted the script for pfsense 2.3 and also changed it so that it sends the virtual CARP MAC in the gratuitous ARP instead of the MAC of the physical interface.

          
          #!/usr/local/bin/php -f
          <?php
          /* $Id$ */
          /*
                  rc.viparp
                  Shahid Sheikh
          
                  requires arping package.
                  generates unsolicited arp response to a gateway.
          */
          /*
          Romeo Benzoni
          - adapted to run on 2.3 (get_carp_interface_status changes signature)
          - send arp response using the virtual MAC
          */
          
          /* parse the configuration and include all functions used below */
          require_once("/etc/inc/config.inc");
          require_once("/etc/inc/gwlb.inc");
          require_once("/etc/inc/interfaces.inc");
          require_once("/etc/inc/pkg-utils.inc");
          
          /* the gateway name is passed as the first argument */
          $bad_arp_gw = isset($argv[1]) ? trim($argv[1], " \n") : "";
          $package_name = "arping";
          if (is_package_installed($package_name)) {
                  $bad_arp_gw_int = lookup_gateway_interface_by_name($bad_arp_gw);
                  $bad_arp_gw_ip = lookup_gateway_ip_by_name($bad_arp_gw);
                  if (!empty($bad_arp_gw_int)) {
                          foreach ($config['virtualip']['vip'] as $vip) {
                                  /* only CARP VIPs on the gateway's interface */
                                  if ($vip['mode'] == "carp" && $vip['interface'] == $bad_arp_gw_int) {
                                          $vip_int = "{$vip['interface']}_vip{$vip['vhid']}";
                                          $status = get_carp_interface_status("_vip{$vip['uniqid']}");
                                          /* only the current CARP master announces the VIP */
                                          if ($status == "MASTER") {
                                                  /* CARP virtual MAC: 00:00:5E:00:01:<VHID> */
                                                  $mac = sprintf("00:00:5E:00:01:%02X", $vip['vhid']);
                                                  log_error("Sending ARP for CARP VIP {$vip['subnet']}'s MAC $mac to {$bad_arp_gw_ip}");
                                                  /* arguments are shell-escaped before being handed to mwexec */
                                                  mwexec("/usr/local/sbin/arping -s " . escapeshellarg($mac) . " -S " . escapeshellarg($vip['subnet']) . " -c 3 " . escapeshellarg($bad_arp_gw_ip));
                                          }
                                  }
                          }
                  }
          } else {
                  log_error($package_name . " package is not installed.");
          }
          ?>
          
          

          Regards

          Romeo

          @ssheikh:

          Yeah, this was Charter Cable in LA. Done butting heads with them >:(.

          Whipped up this script and I run it from cron.

          Pass the gateway name to it as the argument. I don't know how often or if at all the cache on the router ever clears. I am running the script every 13 minutes.

          1 Reply Last reply Reply Quote 0
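The mismatches reported earlier in the thread (the interface's MAC advertised for the VIP, and the VIP's MAC advertised for the interface's IP) can be checked for in captured ARP frames. The following is an added example, not part of any post in this thread; it assumes CARP virtual MACs of the form 00:00:5E:00:01:<VHID> as built in the script above, and the addresses, NIC MAC and function names are constructed for illustration.

```python
import socket
import struct

CARP_PREFIX = bytes.fromhex("00005e0001")  # 00:00:5e:00:01:<vhid>, as in the script above

def carp_mac(vhid):
    """Virtual MAC for a CARP VHID (1-255)."""
    if not 1 <= vhid <= 255:
        raise ValueError("VHID must be 1-255")
    return CARP_PREFIX + bytes([vhid])

def fmt(mac):
    return ":".join(f"{b:02x}" for b in mac)

def build_arp(eth_src, sha, spa, tpa, op=2):
    """Build an Ethernet/IPv4 ARP frame (used here only to make sample input)."""
    eth = struct.pack("!6s6sH", b"\xff" * 6, eth_src, 0x0806)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      sha, socket.inet_aton(spa), b"\x00" * 6, socket.inet_aton(tpa))
    return eth + arp

def check_arp(frame, vips):
    """Return a list of findings; vips maps VIP address -> VHID."""
    if len(frame) < 42:
        return ["truncated frame"]
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return ["not an ARP frame"]
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return ["not Ethernet/IPv4 ARP"]
    ip, findings = socket.inet_ntoa(spa), []
    if ip in vips:
        want = carp_mac(vips[ip])
        if sha != want:
            findings.append(f"{ip}: ARP sender MAC {fmt(sha)}, expected {fmt(want)}")
        if eth_src != want:
            findings.append(f"{ip}: Ethernet source {fmt(eth_src)}, expected {fmt(want)}")
    elif sha[:5] == CARP_PREFIX or eth_src[:5] == CARP_PREFIX:
        findings.append(f"{ip}: CARP virtual MAC used for a non-VIP address")
    return findings

# Constructed sample data: documentation addresses and a made-up NIC MAC.
VIPS = {"192.0.2.10": 1}
NIC = bytes.fromhex("020000aabbcc")
GOOD = build_arp(carp_mac(1), carp_mac(1), "192.0.2.10", "192.0.2.1")
NIC_MAC_FOR_VIP = build_arp(NIC, NIC, "192.0.2.10", "192.0.2.1")
VIP_MAC_FOR_NIC_IP = build_arp(carp_mac(1), carp_mac(1), "192.0.2.2", "192.0.2.1")
```

An empty list from `check_arp` means the frame announces the VIP with the virtual MAC in both the Ethernet header and the ARP payload.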
            wiki345

            Thank you, this solved my problem.

            [carp] CARP arp replays with wrong src mac
            https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141023
            Who can patch this problem on FreeBSD 10?

            @roemel:

            Hi

            I have the same issue. I've now adapted the script for pfsense 2.3 and also changed it so that it sends the virtual CARP MAC in the gratuitous ARP instead of the MAC of the physical interface.

              wiki345

              Why does setting net.link.ether.inet.carp_mac to 1 not fix the src MAC to the CARP VIP MAC?
              https://github.com/pfsense/FreeBSD-src/commit/f59b244dc6ec16616ed00a9cf33b4d1fcc839a36

                broonu

                @wiki345:

                Why does setting net.link.ether.inet.carp_mac to 1 not fix the src MAC to the CARP VIP MAC?
                https://github.com/pfsense/FreeBSD-src/commit/f59b244dc6ec16616ed00a9cf33b4d1fcc839a36

                Sorry for reviving this thread, but how do I apply this?

                  nicknack

                  +1..
                  Not quite fluent with PHP, but I saw a specific MAC address in the script?
                  Where should I put mine?

                  ( our pfsense, master + slave are just another vm guest, so they have virtio mac addresses. )

                  @broonu:

                  @wiki345:

                  Why does setting net.link.ether.inet.carp_mac to 1 not fix the src MAC to the CARP VIP MAC?
                  https://github.com/pfsense/FreeBSD-src/commit/f59b244dc6ec16616ed00a9cf33b4d1fcc839a36

                  Sorry for reviving this thread, but how do I apply this?

                    eelco_akker

                    • Install Arping
                    • Install Cron
                    • Save the latest 2.3 script to a php file
                    • Transfer the php file to your pfsense box via winscp (in my case /scripts)
                    • Services, Cron, Add (GATEWAYNAME IS CASE SENSITIVE !!!)
                      /usr/local/bin/php -f /scripts/arp_vip.php GATEWAYNAME

                    Example

                    */3 * * * * root /usr/local/bin/php -f /scripts/arp_vip.php Ziggo_KELDER_GW
                      rightnow

                      Had the same problem with my Virtual IP Aliases. Couldn't get the script working for that, so in a hurry I needed to change it and simplify it for my case. Maybe it can be of use even though it's made by a noob.

                      
                      #!/usr/local/bin/php -f
                      <?php
                      require_once("/etc/inc/config.inc");
                      require_once("/etc/inc/gwlb.inc");
                      require_once("/etc/inc/interfaces.inc");
                      require_once("/etc/inc/pkg-utils.inc");
                      
                      /* the gateway name is passed as the first argument */
                      $gatewayName = isset($argv[1]) ? trim($argv[1], " \n") : '';
                      
                      $packageName = "arping";
                      
                      if (is_package_installed($packageName)) {
                          $gatewayInterface = lookup_gateway_interface_by_name($gatewayName);
                          $gatewayIp = lookup_gateway_ip_by_name($gatewayName);
                      
                          if (!empty($gatewayName)) {
                              $found = false;
                              /* every virtual IP on the gateway's interface, not only CARP VIPs */
                              foreach ($config['virtualip']['vip'] as $vip) {
                                  if ($vip['interface'] == $gatewayInterface) {
                                      log_error('Sending ARP for Virtual IP ' . $vip['subnet'] . ' to ' . $gatewayIp);
                                      /* arguments are shell-escaped before being handed to mwexec */
                                      mwexec('/usr/local/sbin/arping -S ' . escapeshellarg($vip['subnet']) . ' -c 3 ' . escapeshellarg($gatewayIp));
                      
                                      $found = true;
                                  }
                              }
                      
                              if (!$found) {
                                  log_error('Found no Virtual IP tied to this gateway: ' . $gatewayName);
                              }
                          } else {
                              log_error('You forgot to supply the Gateway name.');
                          }
                      } else {
                          log_error($packageName . " package is not installed.");
                      }
                      ?>
                      
                      
                        TitanSystems

                        Just a bit of help for anyone still dealing with this issue. Here in Chattanooga, TN we have EPB Internet that times out VIPs after 4 hours of no ARP. This thread has been extremely helpful. It is a bit easier to implement now. If you install the Filer and Cron package from package manager, you can drop this script right into a file and edit if needed. Schedule right from the GUI. No more SSH needed.

                        The only hiccup I ran into was when I copied the above script, I didn't notice that the <? was missing at the beginning and it kept failing until I hit the shell to see what was happening.

                        BTW, @rightnow's version works perfectly on 2.5.1-RELEASE
