MAC Address Change support in Proxmox?

M

MrPete

Active Member
Aug 6, 2021
125
62
33
67
I'm running a two-node pfSense HA (BSD "CARP") cluster on a couple of Proxmox hosts.

Mostly, it works. However, under failover conditions, things don't work well... and I suspect it is because the secondary pfSense takes over the gateway IP address, which causes the MAC address to change.

Under ESXi, there's a setting to accept MAC Address Changes (dynamically).
What is the equivalent in Proxmox?
 
MrPete said:
Mostly, it works. However, under failover conditions, things don't work well... and I suspect it is because the secondary pfSense takes over the gateway IP address, which causes the MAC address to change.
Click to expand...
What does not work exactly? Can you set a MAC address to the carp device that is actually not a physical one, but a completely virtual one? So that the both machines have their own mac address and the carp bond a third? (I haven't used carp in this or the last decade, so bare with me)
 
  • Like
Reactions: Stoiko Ivanov
You're suggesting that the CARP on each router should have the exact same MAC? Hmmm...

I'm not sure how well the (physical) switch would handle that. Good idea! I'll look into it.
 
MrPete said:
You're suggesting that the CARP on each router should have the exact same MAC? Hmmm...

I'm not sure how well the (physical) switch would handle that. Good idea! I'll look into it.
Click to expand...
No, a separate MAC:

Code: 
Host A: xx:..:xx:01
Host B: xx:..:xx:02
CARP:   xx:..:xx:03

No idea if this works, but having the MAC separate from the VM addresses should do the trick.
 
Actually, it is now working better... once I resolved some other issues.

Turns out (at least with pfSense),
  • the MAC for the CARP virtual IP address (VIP) is static (00:00:5e:00:01:01) and identical for both systems
  • the secondary CARP VIP and MAC are disabled while not active
  • when a failover occurs, the secondary goes active...
  • ...AND an ARP is sent out, which should cause switches to realize that MAC is on a different port
With everything functioning properly, it works nicely. (This DOES assume a good quality switch ;) )
 
(FWIW, I am closing in on having a fully functional, no-issues, two-system pfSense with CARP (mirrored settings AND sync'd network states), using a single ISP WAN address. Very nice. Not 100% there but very very close.)
 
  • Like
Reactions: jonwms
MrPete said:
(FWIW, I am closing in on having a fully functional, no-issues, two-system pfSense with CARP (mirrored settings AND sync'd network states), using a single ISP WAN address. Very nice. Not 100% there but very very close.)
Click to expand...
If you have it figured out please share how you did it. This is something I’ve been looking for for a while.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom