19.1 Legacy Series / VMWare & CARP
« on: March 28, 2019, 08:58:47 pm »
Hey there. To start with, I do know many fora have lots of topics on this issue. I know that because I've seen all these topics while trying to solve the problem by myself for the past four or five weeks. And I did finally on the WAN side, but I cannot get it to work on the LAN side. So now I come to the source. Here's the setup that encloses my problem with CARP.
I have two HP DL380 G7's both equally configured. They both have four servers running. They are an A and a B environment. So it doesn't matter which one I use to explain the situation to begin with. Functionality:
- Opnsense Firewall
- CentOS 7 Realm manager
- CentOS 7 Applicationserver (Webmin for console management)
- CentOS 7 Webserver (Multidomain, Webmin/ Virtualmin)
I guess most of you will understand all of these are to be in failover configuration.
On the CentOS side I am on top of the situation. But even after reading many Netgate, Opnsense and Pfsense tutorials and fora tips and advice, I think we can add some good info here. I have a problem with the Master/ Slave switching inside my LAN. They tend to stay Master/ Master. Which happened on the WAN side as well, but that got solved by making sure the switch it is connected to is a port group with flow control enabled. Here I do wonder how things will be working as soon as I get my secondary Internet connection. But we'll see about that later. The current situation on the WAN side proves CARP is working.
So I am used to thinking of the WAN side as the front side of my config. Just so you understand what I mean when I say on the backside of my config, the 1 subnet running through the A and the B side (10.10.30.0/24) connects all servers and services with either one simple ethernet cable (that should become two as soon as the failover is working), or a simple switch, or a managed switch. It doesn't matter. It all behaves like One. Except CARP.
Since my 'WAN' is actually one LAN, I feel I could find my answer in that, to explain why the failover on that side is working. But inside the double ESXi VMWare environment connected with the simple ethernet connection, the rules seem different.
I have set up the LAN physical adapters to all VLANs (4095), allow promiscuous mode, MAC address Changes (spoofing), Forged transmits (?), no traffic shaping policies enabled, load balancing based on IP Hash & link status only, and the notify Switch option, Failback and Override options unticked (configured only on portgroup or the complete vSwitch, same result.)
Once again, these settings work on the WAN side where it didn't work before I made a port group, with the same name and flow control enabled.
What am I missing in VMWare networking (and I might even say after reading all the posts from all the dates; what are we missing), that makes it so hard for vmx* interfaces to failover by CARP? Any help would be appreciated and surely not only by me, if we figure this one out for once, and for all. I will write the tutorial if we get it right.