I’m trying to configure 2x OPNsense instances in high availability mode with CARP VIP interfaces on a single PVE host. I know it’s not full HA, but I want software HA and also simply to test it.
The VMs are connected through 2 bridges: 1 on the WAN side, the other on the LAN side (and further a physical trunk link to the switch).
IGMP snooping is disabled in the (UniFi) switches.
But the problem I’m facing is duplicated communication/data flow to and from both VMs; both instances have the same-looking graphs in the web GUI, for network flow and also CPU. Although they don’t change their master/backup status (no flapping in the CARP status), I have something similar to a split-brain situation. For example, if I communicate with the web GUI or SSH on the CARP VIP interface, the reply comes from either one of the two and toggles every few seconds. If I ping them, the reply is duplicated (“DUP!”). Communication to other hosts and the WAN is OK.
I have already set the MAC filter to “no” in the VM’s firewall options (the PVE firewall is disabled). I tried OVS and Linux bridges with the same results.
Is it possible to set it up correctly?