Problems with CARP

Started by Perun, February 22, 2018, 07:10:53 AM

Hi

I have 2 opnsense installations - one on apu2c4 and one as xen vm (both with latest version 18.1.2)

I have some weird effects with the CARP configuration. The hosts don't have 1:1 the same interfaces, but I use CARP only on those that are on both opnsense installations:

first:

  <virtualip>
    <vip>
      <type>single</type>
      <subnet_bits>24</subnet_bits>
      <mode>carp</mode>
      <interface>opt2</interface>
      <descr>carp_cable</descr>
      <subnet>192.168.40.2</subnet>
      <vhid>40</vhid>
      <advskew>100</advskew>
      <advbase>30</advbase>
      <password>!c4rp!</password>
    </vip>
    <vip>
      <type>single</type>
      <subnet_bits>24</subnet_bits>
      <mode>carp</mode>
      <interface>opt5</interface>
      <descr>carp_lan_wlan</descr>
      <subnet>192.168.50.2</subnet>
      <vhid>50</vhid>
      <advskew>100</advskew>
      <advbase>30</advbase>
      <password>!c4rp!</password>
    </vip>
    <vip>
      <type>single</type>
      <subnet_bits>24</subnet_bits>
      <mode>carp</mode>
      <interface>opt3</interface>
      <descr>carp_vdsl</descr>
      <subnet>192.168.140.2</subnet>
      <vhid>140</vhid>
      <advskew>100</advskew>
      <advbase>30</advbase>
      <password>!c4rp!</password>
    </vip>
    <vip>
      <type>single</type>
      <subnet_bits>24</subnet_bits>
      <mode>carp</mode>
      <interface>opt1</interface>
      <descr>carp_lan_media</descr>
      <subnet>192.168.150.2</subnet>
      <vhid>150</vhid>
      <advskew>100</advskew>
      <advbase>30</advbase>
      <password>!c4rp!</password>
    </vip>
  </virtualip>


second:

  <virtualip>
    <vip>
      <type>single</type>
      <subnet_bits>24</subnet_bits>
      <mode>carp</mode>
      <interface>wan</interface>
      <descr>carp_cable</descr>
      <subnet>192.168.40.2</subnet>
      <vhid>40</vhid>
      <advskew>200</advskew>
      <advbase>40</advbase>
      <password>!c4rp!</password>
    </vip>
    <vip>
      <type>single</type>
      <subnet_bits>24</subnet_bits>
      <mode>carp</mode>
      <interface>lan</interface>
      <descr>carp_lan_wlan</descr>
      <subnet>192.168.50.2</subnet>
      <vhid>50</vhid>
      <advskew>200</advskew>
      <advbase>40</advbase>
      <password>!c4rp!</password>
    </vip>
    <vip>
      <type>single</type>
      <subnet_bits>24</subnet_bits>
      <mode>carp</mode>
      <interface>opt1</interface>
      <descr>carp_vdsl</descr>
      <subnet>192.168.140.2</subnet>
      <vhid>140</vhid>
      <advskew>200</advskew>
      <advbase>40</advbase>
      <password>!c4rp!</password>
    </vip>
    <vip>
      <type>single</type>
      <subnet_bits>24</subnet_bits>
      <mode>carp</mode>
      <interface>opt2</interface>
      <descr>carp_lan_media</descr>
      <subnet>192.168.150.2</subnet>
      <vhid>150</vhid>
      <advskew>200</advskew>
      <advbase>40</advbase>
      <password>!c4rp!</password>
    </vip>
  </virtualip>


The first router should always be master if it is running.

Sometimes after a reboot some interfaces are master and some backup on the first and second router... I need to disable/enable CARP and then it works... Is something wrong with this configuration?

TiA
Greetz

could it be that xen doesn't allow spoofing and so on?
on ESXi you need things enabled like

promiscuous mode - accept
mac address change - accept
forged transmits - accept

on hyperv
mac spoofing allowed


Xenserver (not Xen)
https://support.citrix.com/article/CTX121729

A little excursus on hypervisors (sorry to link pfsense)
https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting#Conflicting_VHIDs

Also you should not forget that some switches also must allow Load Balancing / High Availability Features.


February 22, 2018, 07:06:01 PM #2 Last Edit: February 23, 2018, 06:51:07 AM by Perun
I have made settings on the bridges on the hypervisor and now all interfaces on the opnsense vm are in promiscuous mode...

but I have still an issue with this part on the first router:


    <vip>
      <type>single</type>
      <subnet_bits>24</subnet_bits>
      <mode>carp</mode>
      <interface>opt5</interface>
      <descr>carp_lan_wlan</descr>
      <subnet>192.168.50.2</subnet>
      <vhid>50</vhid>
      <advskew>100</advskew>
      <advbase>30</advbase>
      <password>!c4rp!</password>
    </vip>


after start (boot) it is in an undefined state, see attachment
it is a bridge interface on the apu2c4, can this be the problem? all other (non bridge) interfaces are working correctly


could the different interfaces (example carp_lan_wlan on router 1 is on opt5 and carp_lan_wlan on router 2 is on lan interface) be the problem?

how can I rename the interfaces?
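
One way to compare the two `<virtualip>` sections posted in this thread VHID by VHID, as an added example that is not part of the original posts and not OPNsense code. The function names (`vip_xml`, `load_vips`, `adv_interval`, `compare`) are hypothetical, the sample data is constructed from two of the four VIPs per router, and differing interface names are reported as information only, since the thread does not settle whether they matter.

```python
import xml.etree.ElementTree as ET

def vip_xml(iface, descr, subnet, vhid, skew, base, pw="!c4rp!"):
    """Build one <vip> element in the layout posted above (constructed sample helper)."""
    return (f"<vip><mode>carp</mode><interface>{iface}</interface><descr>{descr}</descr>"
            f"<subnet>{subnet}</subnet><subnet_bits>24</subnet_bits><vhid>{vhid}</vhid>"
            f"<advskew>{skew}</advskew><advbase>{base}</advbase><password>{pw}</password></vip>")

# Constructed from the thread: two of the four VIPs of each router.
FIRST = ("<virtualip>" + vip_xml("opt2", "carp_cable", "192.168.40.2", 40, 100, 30)
         + vip_xml("opt5", "carp_lan_wlan", "192.168.50.2", 50, 100, 30) + "</virtualip>")
SECOND = ("<virtualip>" + vip_xml("wan", "carp_cable", "192.168.40.2", 40, 200, 40)
          + vip_xml("lan", "carp_lan_wlan", "192.168.50.2", 50, 200, 40) + "</virtualip>")

def load_vips(xml_text):
    """Return {vhid: {tag: text}} for every CARP VIP in a <virtualip> section."""
    vips = {}
    for vip in ET.fromstring(xml_text).iter("vip"):
        fields = {child.tag: (child.text or "").strip() for child in vip}
        if fields.get("mode") == "carp":
            vips[int(fields["vhid"])] = fields
    return vips

def adv_interval(vip):
    """Advertisement interval in seconds: advbase + advskew/256 (carp(4))."""
    return int(vip["advbase"]) + int(vip["advskew"]) / 256

def compare(primary_xml, secondary_xml):
    """Return (vhid, kind, detail) findings for a primary/secondary pair."""
    a, b = load_vips(primary_xml), load_vips(secondary_xml)
    findings = []
    for vhid in sorted(a.keys() | b.keys()):
        if vhid not in a or vhid not in b:
            findings.append((vhid, "missing", "VHID defined on one node only"))
            continue
        for key in ("subnet", "subnet_bits", "password"):
            if a[vhid].get(key) != b[vhid].get(key):
                findings.append((vhid, "mismatch", f"{key} differs between nodes"))
        if adv_interval(a[vhid]) >= adv_interval(b[vhid]):
            findings.append((vhid, "priority", "primary does not advertise faster than secondary"))
        if a[vhid]["interface"] != b[vhid]["interface"]:
            findings.append((vhid, "info", f"interface {a[vhid]['interface']} vs {b[vhid]['interface']}"))
    return findings

if __name__ == "__main__":
    for finding in compare(FIRST, SECOND):
        print(finding)
```
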