opnsenseBE (OPNsense 24.10_7) still sending Multicast while all VIPs are Unicast

[itngo]

Hi,

we have a pair of Deciso-Appliances here running in HA-Setup for about 12 VLANs. All are configured for CARP/VIP in Unicast-Mode and have the configured the IP of the Slave for direct CARP.

However, when we do a traffic capture, we can still see that one last interface continues to send VRRP Announments to 224.0.0.18. This should not happen in Unicast mode right?

Code Select Expand

1 0.000000 192.168.201.3 224.0.0.18 VRRP 70 Announcement (v2)

[blacknote]

Hi,

From me, it means that your carp hasnt syncrhonized in unicast.
did you add the ACL to permit the trafic?

i dit sthg like this /maybe there is sthg easier:

create alias with all IP from master / create alias with all IP from SLAVE
floating ACL
any interface concerned
acl from master alias to slave alias
acl from slave alias to master alias

[spetrillo]

Whoa...wait a sec....are you saying the HA is now supporting unicast packets? I thought this was not coming until 2025 with a new version of FreeBSD? Did I get that wrong?

I wanted to deploy HA virtual firewalls for a client, but my cloud provider does not support multicast in their multi-tenant cloud and I was told that unicast support is a 2025 item on the roadmap. Please tell me I got this all wrong.

[franco]

24.7 and thus 24.10 have unicast CARP, yep.

https://github.com/opnsense/docs/commit/7e827e003793

See the "Peer" settings for th Virtual IP CARP addresses.


Cheers,
Franco

[spetrillo]

OMG this is fantastic!! I am going to begin testing in my client's cloud environment.