CARP problem: ping only works from the master itself

F

felixhj

Im setting up PF+NAT, and want to have 2 machines (2 x FREEBSD 8.0 on vmware ESXi 3.5) in fail-over mode using CARP+pfsync.

I want to configure them as:

le0 = "WAN" ip for NAT/FW (for carp0)
le1 = "LAN" ip for NAT/FW (for carp1)
le2 = "host-interface" (to login with SSH)
le3 = for pfsync via a closed VLAN

on both machines i have

Code: 
net.inet.carp.allow: 1
net.inet.carp.preempt: 1
net.inet.carp.log: 1
net.inet.carp.arpbalance: 1
net.inet.carp.suppress_preempt: 0

Problem: it looks like CARP failover works, but i can only ping the virtual interface from the host that is currently master. The virtual interface IP address is 172.16.100.180, PF is currently turned off.

On host M (with le1 = 172.16.100.252) I have

Code: 
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
	inet 172.16.100.180 netmask 0xffff0000 
	carp: MASTER vhid 1 advbase 1 advskew 80

and I can ping 172.16.100.180 from M but not from anywhere else

On host C (with le1 = 172.16.100.251) I have

c
Code: 
arp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
	inet 172.16.100.180 netmask 0xffffff00 
	carp: BACKUP vhid 1 advbase 1 advskew 0

and i cant ping 172.16.100.180

I can make them switch MASTER/BACKUP roles by "ifconfig le1 down && ifconfig le1 up" on the master so that part behaves as expected (I assume).

Both 172.16.100.251 and 172.16.100.252 can ping each other.

Is the problem that the carp1 interface is not "bound" to any of the le* nics? And if so how does one do that?
 
It is solved (and yes i see one of the netmasks is wrong above): when i set the vmware vSwitch to "accept promiscous" everything worked.
 
You must log in or register to reply here.
Back
Top