OpenVSwitch, pfSense and CARP

raoro

Jan 22, 2014
Hello everyone,

For HA of some services, I'm trying to set up two pfSense firewalls on two different hosts, which are connected via a vRack at OVH.

The network is configured on top of OpenVSwitch with several VLANs which are working great between the cluster-nodes, except for the CARP of the firewalls.
When both firewalls are on the same host everything works as expected.

Back in 2013 there was an issue in OVS with CARP. (Mail-Archive)
Is this maybe a regression?

Also, there are a lot of dropped TX packets on vmbr1, which is the one the VMs connect to:

ovs-dpctl show -s
Code:
vmbr1 (internal)
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:1297361 aborted:0 carrier:0
collisions:0
RX bytes:0  TX bytes:0

That's why I tried enabling BPDU frames over the OVS switch, but no success.
Code:
ovs-vsctl set bridge vmbr1 other-config:forward-bpdu=true


To all pfSense and OVS experts out here: please help :)

Any hints or suggestions are deeply appreciated!


Below the network-config and pve-version.


/etc/network/interfaces

Code:
auto lo
iface lo inet loopback

allow-vmbr0 eth0
iface eth0 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr0
    ovs_options vlan_mode=native-untagged tag=XYZ

allow-vmbr1 eth1
iface eth1 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr1
    ovs_options vlan_mode=native-untagged tag=XYZ

allow-vmbr1 pve0
iface pve0 inet static
    address  X.Y.Z
    netmask  X.Y.Z
    ovs_type OVSIntPort
    ovs_bridge vmbr1
    ovs_options tag=XYZ
    ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif

auto vmbr0
iface vmbr0 inet manual
    ovs_type OVSBridge
    ovs_ports eth0 wan0

auto vmbr1
iface vmbr1 inet manual
    ovs_type OVSBridge
    ovs_ports eth1 pve0

allow-vmbr0 wan0
iface wan0 inet static
    address  X.Y.Z  
    netmask  X.Y.Z
    gateway  X.Y.Z
    ovs_type OVSIntPort
    ovs_bridge vmbr0
    ovs_options tag=XYZ
    ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
    hwaddress ether $(cat /sys/class/net/eth0/address)

pveversion -v

Code:
proxmox-ve: 4.1-37 (running kernel: 4.2.8-1-pve)
pve-manager: 4.1-13 (running version: 4.1-13/cfb599fb)
pve-kernel-4.2.6-1-pve: 4.2.6-36
pve-kernel-4.2.8-1-pve: 4.2.8-37
lvm2: 2.02.116-pve2
corosync-pve: 2.3.5-2
libqb0: 1.0-1
pve-cluster: 4.0-32
qemu-server: 4.0-55
pve-firmware: 1.1-7
libpve-common-perl: 4.0-48
libpve-access-control: 4.0-11
libpve-storage-perl: 4.0-40
pve-libspice-server1: 0.12.5-2
vncterm: 1.2-1
pve-qemu-kvm: 2.5-5
pve-container: 1.0-44
pve-firewall: 2.0-17
pve-ha-manager: 1.0-21
ksm-control-daemon: 1.2-1
glusterfs-client: 3.5.2-2+deb8u1
lxc-pve: 1.1.5-7
lxcfs: 0.13-pve3
cgmanager: 0.39-pve1
criu: 1.6.0-1
zfsutils: 0.6.5-pve7~jessie
openvswitch-switch: 2.3.2-2
 
Sadly no one could help. :-(

Switched back to the classical Linux VLAN and bridge tools.

Now everything is working as expected.

Thought I'd go with something more comfortable and fresh, but just too many issues arose.
 