MAC Address Change support in Proxmox?


Active Member
Aug 6, 2021
I'm running a two-node pfSense HA (BSD "CARP") cluster on a couple of Proxmox hosts.

Mostly, it works. However, under failover conditions, things don't work well... and I suspect it is because the secondary pfSense takes over the gateway IP address, which causes the MAC address to change.

Under ESXi, there's a setting to accept MAC Address Changes (dynamically).
What is the equivalent in Proxmox?
Mostly, it works. However, under failover conditions, things don't work well... and I suspect it is because the secondary pfSense takes over the gateway IP address, which causes the MAC address to change.
What does not work exactly? Can you set a MAC address to the carp device that is actually not a physical one, but a completely virtual one? So that the both machines have their own mac address and the carp bond a third? (I haven't used carp in this or the last decade, so bare with me)
  • Like
Reactions: Stoiko Ivanov
You're suggesting that the CARP on each router should have the exact same MAC? Hmmm...

I'm not sure how well the (physical) switch would handle that. Good idea! I'll look into it.
You're suggesting that the CARP on each router should have the exact same MAC? Hmmm...

I'm not sure how well the (physical) switch would handle that. Good idea! I'll look into it.
No, a separate MAC:

Host A: xx:..:xx:01
Host B: xx:..:xx:02
CARP:   xx:..:xx:03

No idea if this works, but having the MAC separate from the VM addresses should do the trick.
Actually, it is now working better... once I resolved some other issues.

Turns out (at least with pfSense),
  • the MAC for the CARP virtual IP address (VIP) is static (00:00:5e:00:01:01) and identical for both systems
  • the secondary CARP VIP and MAC are disabled while not active
  • when a failover occurs, the secondary goes active...
  • ...AND an ARP is sent out, which should cause switches to realize that MAC is on a different port
With everything functioning properly, it works nicely. (This DOES assume a good quality switch ;) )
(FWIW, I am closing in on having a fully functional, no-issues, two-system pfSense with CARP (mirrored settings AND sync'd network states), using a single ISP WAN address. Very nice. Not 100% there but very very close.)
  • Like
Reactions: jonwms
(FWIW, I am closing in on having a fully functional, no-issues, two-system pfSense with CARP (mirrored settings AND sync'd network states), using a single ISP WAN address. Very nice. Not 100% there but very very close.)
If you have it figured out please share how you did it. This is something I’ve been looking for for a while.