CARP & Hyper-V on 2.2 RELEASE
-
Someone mentioned that CARP & Hyper-V issues were resolved with the 2.2 RELEASE
I'm curious if it's possible to set up CARP\HA with a single WAN IP, and if so, what a high-level overview of the process is?
Thanks!
-
Hi,
Yes it is possible.
You need to configure your vSwitch to allow VLAN ID in vSwitch settings and after that configure your VM to allow trunk networks in powershell:Set-VMNetworkAdapterVlan VMNAME -Trunke -AllowedVlanIdList "2,3,4,5,6" - NativaeVlanId 0and that's should be it. It is working like regular machine :)
to check if everything is set properly:
Get-VMNetworkAdapterVlan -
sounds great.
would anybody mind to write a short tutorial? =)
thank you
-
sounds great.
would anybody mind to write a short tutorial? =)
thank you
what do you want to be in this tutorial?
It is as simple at it looks like :)
Steps:-
create VM in Hyper-V
-
create vSwitch with VLAN managment if you don't have it yet,
-
create 2 network card in VM
-
execute those 2 commands in Powershell (look at my sooner post)
-
install pfSense
-
-
ok, unfortunately I never quite understood the hypervisor prerequisites to use CARP.
Especially I don't quite get the idea of the VLAN-tags…
Are they required to run CARP in the first place? right now we got 2 pfsense-boxes (VMs on seperate hardware) with a dedicated SYNC-interface. Do we have to mess with the VLAN-Options on this sync-vswitch? Also with the VLAN Options on LAN- and WAN-vswitches?
Do you need to enable MAC-address-spoofing to get it to work? (And do you actually set MAC-addresses to the same values on both VMs ?)
And which VLAN-IDs are you reffering to in this part?:
-AllowedVlanIdList "2,3,4,5,6" - NativaeVlanId 0
Your help is greatly appreciated =) and sorry for being a noob on this ;)
-
ok, unfortunately I never quite understood the hypervisor prerequisites to use CARP.
CARP needs dedicated interface to work, only for used by CARP.
Especially I don't quite get the idea of the VLAN-tags…
Are they required to run CARP in the first place?
No, it's not required.
right now we got 2 pfsense-boxes (VMs on seperate hardware) with a dedicated SYNC-interface. Do we have to mess with the VLAN-Options on this sync-vswitch?
So if those pfSense boxes are in VMs, how those interfaces would be dedicated? Interfaces has to have different subnet, so you have to use special physical interface to connect each other or you have to use VLAN's.
Also with the VLAN Options on LAN- and WAN-vswitches?
Do you need to enable MAC-address-spoofing to get it to work? (And do you actually set MAC-addresses to the same values on both VMs ?)
MAC spoofing - I think yes, but I could check it tomorrow and make sure of that.
No, MAC's cannot be the same, if interfaces would have same MAC, traffic couldn't be routed properly.And which VLAN-IDs are you reffering to in this part?:
-AllowedVlanIdList "2,3,4,5,6" - NativaeVlanId 0
Your help is greatly appreciated =) and sorry for being a noob on this ;)
You need to create some plan for your network e.g.:
-
VLAN2 - LAN
-
VLAN3 - pfSense Sync
for me, I would create different VLAN's for printers, hosts (I have different VLAN's for each company department's), phones, WAN, pfSense.
and I would do it in pfSense, because for me working with HyperV vSwitch isn't much stable, once I've been changing configuration of interfaces and after restart interfaces were gone…
so I decided to create one interface for vSwitch, and vlan's in pfSense - in pfSense if something goes wrong all I have to is mess with config.xml file, not with snapshots of HyperV... also then I have to stop all of my VM's -
-
So, I'm fine setting up the network aspects, but from my initial research it looks like single-wan-ip CARP doesn't work as well with DHCP WAN IPs.
From what I've read, it can be done, but I have to manually assign the gateway on the slave when a failover occurs? Is this true, or is there a better way to handle DHCP WAN?
-
So, I'm fine setting up the network aspects, but from my initial research it looks like single-wan-ip CARP doesn't work as well with DHCP WAN IPs.
From what I've read, it can be done, but I have to manually assign the gateway on the slave when a failover occurs? Is this true, or is there a better way to handle DHCP WAN?
As Jims said - https://forum.pfsense.org/index.php?topic=63319.msg342542#msg342542
so I don't think it would work out of box with DHCP WAN IP, but with single-wan-ip it should work.