CARP doesn't seem to work over MacVTap

  • Hey Guys,

    If I create Linux bridges, then connect those bridges to a VirtIO interface inside pfSense, everything runs pretty normal. That's defined like this:

        <interface type="bridge">
          <source bridge="lan0"/>
          <model type="virtio"/>
          <driver name="vhost" queues="5"/>
          <address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0"/>
        </interface>

    Everything runs OK... well, except about 1ms-3ms of additional latency, bandwidth is about 300mbit less, and the KVM process maxes out a CPU core or two... So I removed my Linux bridges, and tried to set the network interfaces inside my xml to:

        <interface type="direct" trustGuestRxFilters="yes">
          <source dev="eth0"/>
          <model type="virtio" mode="bridge"/>
          <driver name="vhost"/>
          <address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0"/>
        </interface>

    Which works, except the primary (still on bare metal) and the backup (the one I virtualized) both go into MASTER on CARP on all interfaces and wreak havoc as two boxen now claim the same IP.

    Any ideas? I'm unsure how CARP works under the covers and why it'd be affected by MacVTap :(

  • I'm starting to think this is caused by something in the KVM/QEMU/MacVTap stack that isn't allowing MAC or ARP spoofing.

    Tried switching to e1000 drivers for the hell of it with no luck. I'm in Ubuntu Server 14.04. Does anyone else virtualize their firewall on KVM and use CARP??

  • Found this… though it doesn't mention why exactly FreeBSD head fixes the issue:
