Hello everyone,
for HA of some services I'm trying to setup two pfSense-Firewalls on two different Hosts
which are connected via a vRack at OVH.
The network is configured on top of OpenVSwitch with several VLANs which are working great between the cluster-nodes, except for the CARP of the firewalls.
When both firewalls are on the same host everything works as expected.
Back in 2013 there was an issue in OVS with CARP. (Mail-Archive)
Is this maybe a regression?
Also there are a lots of dropped tx - packets on vmbr1, which is the one the vms connect to:
ovs-dpctl show -s
That's why tried with enabling of bpdu-frames over the ovs-switch, but no success.
To all pfSense and OVS - experts out here - please help
Any hints or suggestions are deeply appreciated!
Below the network-config and pve-version.
/etc/network/interfaces
pveversion -v
for HA of some services I'm trying to setup two pfSense-Firewalls on two different Hosts
which are connected via a vRack at OVH.
The network is configured on top of OpenVSwitch with several VLANs which are working great between the cluster-nodes, except for the CARP of the firewalls.
When both firewalls are on the same host everything works as expected.
Back in 2013 there was an issue in OVS with CARP. (Mail-Archive)
Is this maybe a regression?
Also there are a lots of dropped tx - packets on vmbr1, which is the one the vms connect to:
ovs-dpctl show -s
Code:
vmbr1 (internal)
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:1297361 aborted:0 carrier:0
collisions:0
RX bytes:0 TX bytes:0That's why tried with enabling of bpdu-frames over the ovs-switch, but no success.
Code:
ovs-vsctl set bridge vmbr1 other-config:forward-bpdu=trueTo all pfSense and OVS - experts out here - please help
Any hints or suggestions are deeply appreciated!
Below the network-config and pve-version.
/etc/network/interfaces
Code:
auto lo
iface lo inet loopback
allow-vmbr0 eth0
iface eth0 inet manual
ovs_type OVSPort
ovs_bridge vmbr0
ovs_options vlan_mode=native-untagged tag=XYZ
allow-vmbr1 eth1
iface eth1 inet manual
ovs_type OVSPort
ovs_bridge vmbr1
ovs_options vlan_mode=native-untagged tag=XYZ
allow-vmbr1 pve0
iface pve0 inet static
address X.Y.Z
netmask X.Y.Z
ovs_type OVSIntPort
ovs_bridge vmbr1
ovs_options tag=XYZ
ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
auto vmbr0
iface vmbr0 inet manual
ovs_type OVSBridge
ovs_ports eth0 wan0
auto vmbr1
iface vmbr1 inet manual
ovs_type OVSBridge
ovs_ports eth1 pve0
allow-vmbr0 wan0
iface wan0 inet static
address X.Y.Z
netmask X.Y.Z
gateway X.Y.Z
ovs_type OVSIntPort
ovs_bridge vmbr0
ovs_options tag=XYZ
ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
hwaddress ether $(cat /sys/class/net/eth0/address)pveversion -v
Code:
proxmox-ve: 4.1-37 (running kernel: 4.2.8-1-pve)
pve-manager: 4.1-13 (running version: 4.1-13/cfb599fb)
pve-kernel-4.2.6-1-pve: 4.2.6-36
pve-kernel-4.2.8-1-pve: 4.2.8-37
lvm2: 2.02.116-pve2
corosync-pve: 2.3.5-2
libqb0: 1.0-1
pve-cluster: 4.0-32
qemu-server: 4.0-55
pve-firmware: 1.1-7
libpve-common-perl: 4.0-48
libpve-access-control: 4.0-11
libpve-storage-perl: 4.0-40
pve-libspice-server1: 0.12.5-2
vncterm: 1.2-1
pve-qemu-kvm: 2.5-5
pve-container: 1.0-44
pve-firewall: 2.0-17
pve-ha-manager: 1.0-21
ksm-control-daemon: 1.2-1
glusterfs-client: 3.5.2-2+deb8u1
lxc-pve: 1.1.5-7
lxcfs: 0.13-pve3
cgmanager: 0.39-pve1
criu: 1.6.0-1
zfsutils: 0.6.5-pve7~jessie
openvswitch-switch: 2.3.2-2