[SOLVED] pfSense CARP on KVM Hypervisor?
fraenki last edited by
I'm running pfSense on a KVM Hypervisor (oVirt/FC19), which is working just fine. But for some reason CARP is not working.
I can see the VRRP advertisements on my KVM hypervisor coming in from one pfSense VM…
kvm# tcpdump -i vnet13 -s 1500 -n -X |grep -i vrrp tcpdump: WARNING: vnet13: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vnet13, link-type EN10MB (Ethernet), capture size 1500 bytes 11:17:46.386437 IP 10.10.10.1 > 22.214.171.124: VRRPv2, Advertisement, vrid 2, prio 0, authtype none, intvl 1s, length 36 11:17:47.353269 IP 10.10.10.1 > 126.96.36.199: VRRPv2, Advertisement, vrid 2, prio 0, authtype none, intvl 1s, length 36 11:17:48.363266 IP 10.10.10.1 > 188.8.131.52: VRRPv2, Advertisement, vrid 2, prio 0, authtype none, intvl 1s, length 36
… but they never reach the interface of the secondary pfsense VM. Besides that the CARP IP is not reachable from any other host. The ARP table shows this:
kvm# arp -a | grep pfsense pfsense-carp.example.com (10.10.10.10) at <incomplete>on mytestint pfsense1.example.com (10.10.10.1) at 00:aa:44:00:xx:xx [ether] on mytestint</incomplete>
Is CARP supposed to work on KVM Hypervisors or are any specials tweaks and configs required to make it work?
fraenki last edited by
OK, this was easy to solve. My KVM Hypervisor is oVirt… I wasn't aware that they introduced the network-filters feature which prevents guests from spoofing other mac-addresses than these which are assigned by the oVirt engine.
I just needed to disable this anti-spoofing feature. Now uCARP and CARP is working as expected :-)
More information is available from this post on the ovirt-users mailinglist.
jsvg last edited by
Can you describe how you did this? Didn't find the hints on the user list. Thanks!
ravnos_kun last edited by
Just in case someone needs:
1. In the ovirt-engine run: engine-config -s EnableMACAntiSpoofingFilterRules=false
2. Restart the ovirt-engine service
3. Halt and start the vms (a simple reboot does not work)
4. Re-run the test
Also, be sure the vms interfaces are e1000 (not virtIO)
mosesBD last edited by
i am also having issue with carp running kvm/qemu with libvirt.
the devices see each other and choose master and slave respectively but if i turn one off the clients cannot access the virtual ip anymore.
is this fix applicable in my case and if so how do i do it?