CARP packet loss (Hyper-V deployment)

  • I've been using pfSense as a Hyper-V guest for quite some time now (since the 2.0 release).

    Yesterday we added a second server, identical hardware, which I've installed pfSense on as a guest. I set up CARP and am having some issues.

    When a single pfSense guest is running I see no issues. Minutes after I turn on the second pfSense guest I see 200-900ms gateway latency, followed by packet loss 5-8 minutes later.

    I've set up the network adapters in Hyper-V to allow MAC spoofing so that isn't the issue. I'm wondering if it could be a configuration on my modem side? Maybe ISP?

    I don't see any flapping between the two in the logs. We also have 15 internal CARP addresses and they do fail over. All internal networks show no packet loss or issues at all.

  • Sounds like maybe they can't see each other so both end up with CARP master status?

  • I don't think so. I can see one is master and one is backup. Initially this was an issue, but was solved by enabling MAC spoofing in Hyper-V Manager.

    I just did a base test with two fresh 2.2.5 installs and even the presence of a CARP VIP on one of the hosts causes the packet loss to happen after 3-5 minutes.

  • That sounds like a MAC conflict in that case, something with CARP on the same VHID or VRRP using the same VRID, so conflicting virtual MAC. Change the VHID to something higher up in the range and see if that makes any difference. If not, packet capture filtered on the CARP IP and see what happens. Guessing when you're seeing packet loss, the traffic doesn't actually make it to the VM (meaning problem somewhere in Hyper-V, or the physical network).

    IP conflict is another possibility that would have similar symptoms; make sure the CARP IP isn't being used elsewhere.
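
The VHID/VRID collision check suggested in the reply above, as an added example that is not part of the original thread: CARP and IPv4 VRRP both build the virtual MAC as 00:00:5e:00:01:<id>, so an unexpected sender advertising your id means a shared MAC. The sample advertisements, the addresses and the function names are constructed for illustration.

```python
"""Flag VHID/VRID collisions in IP protocol 112 advertisements (constructed data)."""
from collections import defaultdict

def virtual_mac(group_id: int) -> str:
    # Equal ids on one segment yield the same virtual MAC for CARP and VRRP.
    if not 1 <= group_id <= 255:
        raise ValueError("VHID/VRID must be 1-255")
    return f"00:00:5e:00:01:{group_id:02x}"

def advert_id(payload: bytes) -> int:
    # In both headers byte 0 is version/type and byte 1 is the VHID or VRID.
    if len(payload) < 2:
        raise ValueError("truncated advertisement")
    return payload[1]

def senders_by_id(adverts):
    """adverts: iterable of (sender_ip, protocol-112 payload bytes)."""
    seen = defaultdict(set)
    for sender, payload in adverts:
        try:
            seen[advert_id(payload)].add(sender)
        except ValueError:
            continue  # ignore runt payloads instead of aborting the scan
    return seen

def find_conflicts(adverts, expected):
    """expected: {vhid: set of your own firewalls' interface IPs}.
    Returns {vhid: sorted list of senders that should not be using it}."""
    seen = senders_by_id(adverts)
    conflicts = {}
    for vhid, peers in expected.items():
        strangers = seen.get(vhid, set()) - set(peers)
        if strangers:
            conflicts[vhid] = sorted(strangers)
    return conflicts

def free_ids(adverts, start=200):
    # Candidate ids "higher up in the range" that nobody was seen advertising.
    used = set(senders_by_id(adverts))
    return [i for i in range(start, 256) if i not in used]

# Constructed sample: (sender IP, first bytes of the advertisement payload).
SAMPLE = [
    ("192.0.2.2", bytes([0x21, 1, 0, 7])),      # own primary, VHID 1
    ("192.0.2.9", bytes([0x21, 1, 100, 1])),    # foreign device, also id 1
    ("192.0.2.9", bytes([0x21, 200, 100, 1])),  # same device, id 200
    ("192.0.2.4", b"\x21"),                     # truncated, skipped
]
EXPECTED = {1: {"192.0.2.2", "192.0.2.3"}}

if __name__ == "__main__":
    for vhid, who in find_conflicts(SAMPLE, EXPECTED).items():
        print(f"VHID {vhid} ({virtual_mac(vhid)}) also advertised by {who}")
    print("first free id from 200:", free_ids(SAMPLE)[0])
```

Sender IPs and payload bytes like these can be read out of a capture on the WAN segment filtered to IP protocol 112.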

  • Turns out I needed to reboot the firewalls…

    I'm surprised that wasn't step #1. Thanks for your help!

