Hi,
we have a pair of Deciso-Appliances here running in HA-Setup for about 12 VLANs. All are configured for CARP/VIP in Unicast-Mode and have the configured the IP of the Slave for direct CARP.
However, when we do a traffic capture, we can still see that one last interface continues to send VRRP Announments to 224.0.0.18. This should not happen in Unicast mode right?
1 0.000000 192.168.201.3 224.0.0.18 VRRP 70 Announcement (v2)
Hi,
From me, it means that your carp hasnt syncrhonized in unicast.
did you add the ACL to permit the trafic?
i dit sthg like this /maybe there is sthg easier:
create alias with all IP from master / create alias with all IP from SLAVE
floating ACL
any interface concerned
acl from master alias to slave alias
acl from slave alias to master alias
Whoa...wait a sec....are you saying the HA is now supporting unicast packets? I thought this was not coming until 2025 with a new version of FreeBSD? Did I get that wrong?
I wanted to deploy HA virtual firewalls for a client, but my cloud provider does not support multicast in their multi-tenant cloud and I was told that unicast support is a 2025 item on the roadmap. Please tell me I got this all wrong.
24.7 and thus 24.10 have unicast CARP, yep.
https://github.com/opnsense/docs/commit/7e827e003793
See the "Peer" settings for th Virtual IP CARP addresses.
Cheers,
Franco
OMG this is fantastic!! I am going to begin testing in my client's cloud environment.