Packet loss on HA backup firewall

Started by user1234, Today at 08:50:04 PM

I have set up a pair of firewalls using three public IPs, all within a /24 subnet. This is the same setup as shown in the docs, just with different IPs: https://docs.opnsense.org/_images/900px-Carp_setup_example.png

The problem is the backup firewall (doesn't matter which one) has severe packet loss (40-80%). The primary firewall always works fine when using the VIP.

For example, in the diagram above, if I ping 8.8.8.8 or any other site from the backup firewall using 172.18.0.102, I get packet loss. If I fail over, then I get packet loss when pinging from 172.18.0.101.

I haven't got any NAT rules other than for the VIP.

Any idea what could be causing this or what I can check to debug the issue? Thanks

Check the CAM tables of your switches; most likely there is some MAC address learning issue at play.

Follow the troubleshooting guide:

https://docs.opnsense.org/manual/how-tos/carp.html#troubleshooting
Hardware:
DEC740