[Solved] CARP on LAGG0, tagged VLANs and HP procurve interswitch connect
Yesterday we switched from normal trunk mode to an isc-trunk between our two core switches and this had a surprising effect.
All my LAGG CARP master IP addresses in tagged VLANs no longer respond. The systems are in one untagged VLAN where it does respond to the CARP IP. The two machines are actually connected to switch 1 as we are trying to work our way to a fully redundant setup.
Any ideas guys? Nothing changed on the pfsense side so I assume there's something missing in the switch config.
Currently working around the problem by pointing at the master machine real IP but now I don't have redundant firewalls…
I just noticed my lagg0_vlans don't have VLAN_HWTAGGING
lagg0_vlan253: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=3 <rxcsum,txcsum>While the one that is working (in the untagged vlan) does have it:
lagg0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=4009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwtso>– never mind that --
Looking at other boxes that I have which are working and only the parent interface has the VLAN_HWTAGGING option.
I seem to remember the switch guy turning on spanning tree so I'm looking into that now.
To clarify the CARP master/backup mode is negotiated fine and the main firewall is master in all my VLANs I just can't ping the CARP IP in any tagged VLAN.</rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></rxcsum,txcsum></up,broadcast,running,promisc,simplex,multicast>
Solved this on my own I think.
Wasn't spanning tree. It was the vrrp we also enabled between the two switches.
I thought using the VLAN tag as the VHID was a nice way of keeping things lined up but since the switch uses the same for it's vrrp tag apparently that's where everything broke.
Simply incrementing my VHID on the pfsense pair by 1 has everything working again.