Netgate Discussion Forum

    Stacked IP alias on carp doesn't work

      Andy_

      To keep carp traffic to a minimum, I used an existing carp interface as parent for an ip alias, both sharing the same subnet as suggested in https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses .
      Still, the ip alias doesn't come up; only the carp ip address is visible when executing ifconfig wan_vip1. No hint in the system log, just the successful xmlrpc sync. Version: 2.1.4

      Any hints?

      Regards
      Andreas

        cthomas

        What version of pfSense?

          Andy_

          As stated, V2.1.4

            sepulworld

            I have the same exact issue:

            2.1.4-RELEASE (amd64)
            built on Fri Jun 20 12:59:50 EDT 2014
            FreeBSD 8.3-RELEASE-p16

            After upgrading to 2.1.4 from 2.1.1 (I can't remember exact previous version but it was 2.1 and above).  The wan_vip1 had the IP alias addresses showing when I did an ifconfig.

            After upgrade and reboot… both firewalls in active/standby pair no longer show the virtual IP alias entries in ifconfig BUT they are still being announced and work somehow.  However when I go to add new Virtual IPs as IP alias (Same subnet as WAN VIP) they don't work at all.  The interface and XML configuration show them though.  The IP Alias will work if I assign them to the WAN instead of the floating WAN IP though.  Not ideal since it won't be managed by CARP.

            Where should I look to see what is going on?  Any ideas?

            Thanks in advance.

              RobEmery

              CARP + VIPs on 2.1.4 is a bit broken; it doesn't apply the Aliases to the interface:

              @jimp:

              If you use IP Alias type VIPs layered on top of CARP VIPs, use the System Patches package to apply this fix (committed this morning):

              https://github.com/pfsense/pfsense/commit/2bf2a1c4c9a4ed1c378891e2b0e55edf3ed1a658

              We've patched our 2.1.4's and it works again fine.

                sepulworld

                Thank you for sharing, RobEmery. Will it take a while for this patch to make it to a release? I am relatively new to pfSense.

                  RobEmery

                  @sepulworld:

                  Will it take a while for this patch to make it to a release? I am relatively new to pfSense.

                  I haven't a clue; security patches seem to have been every couple of months for 2.1.x. Hopefully 2.1.5 is due soon.

                    RobEmery

                    FWIW 2.1.5 is out today; and apparently has this issue fixed: https://blog.pfsense.org/?p=1401

                      JeGr LAYER 8 Moderator

                      @Rob Hate to disappoint you, while the main problem is indeed fixed (no aliases were created with 2.1.4 anymore), there still is a bug with deleting said aliases. They won't get deleted on the backup node, thus bringing chaos to the CARP stack on that interface leading to a split-brain (master/master) situation on that interface (can be resolved by rebooting the standby node or manually deleting the aliases on the VIP interface in a root shell on console).

                      So my advice: be careful.

                      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                        RobEmery

                        @JeGr:

                        @Rob Hate to disappoint you, while the main problem is indeed fixed (no aliases were created with 2.1.4 anymore), there still is a bug with deleting said aliases. They won't get deleted on the backup node, thus bringing chaos to the CARP stack on that interface leading to a split-brain (master/master) situation on that interface (can be resolved by rebooting the standby node or manually deleting the aliases on the VIP interface in a root shell on console).

                        So my advice: be careful.

                        Interesting! Do you know how long this bug has stood for? We've always had interesting behaviour with CARP + VIPs and failovers; we've always ended up rebooting the secondary for "random" problems like these.

                        1 Reply Last reply Reply Quote 0
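The two symptoms reported in this thread (aliases missing from the CARP interface on 2.1.4, and aliases left behind on the backup node after deletion) can both be checked from a root shell by comparing the `inet` lines of `ifconfig wan_vip1` against the addresses that should be there. The script below is an added example, not part of any post and not pfSense code; the function names are hypothetical, the addresses are constructed, and the ifconfig layout is assumed to be the FreeBSD 8.x carp interface format.

```shell
#!/bin/sh
# Added example. Interface name wan_vip1 comes from the first post; every
# address and the two ifconfig captures below are constructed sample data.
SAMPLE_BACKUP='wan_vip1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
	inet 192.0.2.10 netmask 0xffffff00
	inet 192.0.2.11 netmask 0xffffff00
	inet 192.0.2.99 netmask 0xffffff00
	carp: BACKUP vhid 1 advbase 1 advskew 100'
SAMPLE_MASTER='wan_vip1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
	inet 192.0.2.10 netmask 0xffffff00
	carp: MASTER vhid 1 advbase 1 advskew 0'

# bound_addrs IFCONFIG_TEXT: IPv4 addresses bound to the interface, sorted.
bound_addrs() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2 }' | sort
}

# carp_state IFCONFIG_TEXT: prints MASTER, BACKUP or INIT.
carp_state() {
    printf '%s\n' "$1" | awk '$1 == "carp:" { print $2 }'
}

# compare_vips IFCONFIG_TEXT "addr addr ..."
# MISSING = configured but not on the interface (the 2.1.4 symptom).
# STALE   = on the interface but no longer configured (the undeleted-alias
#           symptom described for the backup node).
compare_vips() {
    bound=$(bound_addrs "$1")
    expected=$(printf '%s\n' $2 | sort)
    for a in $expected; do
        printf '%s\n' "$bound" | grep -qxF "$a" || echo "MISSING $a"
    done
    for a in $bound; do
        printf '%s\n' "$expected" | grep -qxF "$a" || echo "STALE $a"
    done
}

# is_split_brain TEXT_NODE_A TEXT_NODE_B: true when both nodes claim MASTER.
is_split_brain() {
    [ "$(carp_state "$1")" = "MASTER" ] && [ "$(carp_state "$2")" = "MASTER" ]
}

# Demo on the constructed backup-node capture.
compare_vips "$SAMPLE_BACKUP" "192.0.2.10 192.0.2.11 192.0.2.12"
```

On a live node the first argument would be `"$(ifconfig wan_vip1)"`, run on both members of the pair so the results and CARP states can be compared.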
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.