[SOLVED] pfSense, CARP and OVS

DoruB

Sep 11, 2017
Hi,

I'm trying to set up a HA pfSense cluster on two Proxmox hosts but I'm unable to make CARP and XMLRPC work between these two Proxmox hosts.
Each firewall will see itself as master (basically there is a split brain situation).

If I put both pfSense VMs on the same node the problem disappears -> so I ruled out downlink interfaces (tap) and pfSense configuration issues.

I tried different workarounds, none worked:
* setting interfaces to promisc (both downlinks & uplinks);
* disabling Proxmox nodes' firewall, SMURFS filter, NDP;

What might be the problem?

Are there some known compatibility issues which I don't know about?

I'm using:
Code:
proxmox-ve: 5.0-20 (running kernel: 4.10.17-2-pve)
pfsense 2.4.2
ovs 2.7.0
Thanks,
Doru
 
I fixed the issue; it was caused by the bond0 mode, which was balance-slb. Apparently this mode behaves in a rather complicated way with multicast traffic. I've set the mode to active-backup and now everything works as expected.
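
An added example, not part of the original posts: a shell check that flags Open vSwitch bonds still in balance-slb mode (the cause identified in this thread) and prints the change to active-backup. The bond names, NIC names and the `bond/show` sample are constructed, and the sample is trimmed to the lines the check reads.

```shell
#!/bin/sh
# Added example: find OVS bonds running balance-slb, the mode this thread
# found to break CARP between two Proxmox hosts.

# Print the name of every bond whose bond_mode is balance-slb.
# Expects `ovs-appctl bond/show` text on stdin.
slb_bonds() {
    awk '
        /^---- .* ----$/ { bond = $2 }                        # section header
        $1 == "bond_mode:" && $2 == "balance-slb" { print bond }
    '
}

# Constructed, trimmed sample of bond/show output (not from a real host).
sample_output() {
    cat <<'EOF'
---- bond0 ----
bond_mode: balance-slb
lacp_status: off

slave eno1: enabled
slave eno2: enabled

---- bond1 ----
bond_mode: active-backup
lacp_status: off

slave eno3: enabled
slave eno4: enabled
EOF
}

# Runs over the sample so the script works offline.
# On a Proxmox host use instead:  ovs-appctl bond/show | slb_bonds
for b in $(sample_output | slb_bonds); do
    echo "bond $b uses balance-slb"
    echo "  runtime change: ovs-vsctl set port $b bond_mode=active-backup"
    echo "  persistent:     ovs_options bond_mode=active-backup"
    echo "                  (OVSBond stanza in /etc/network/interfaces)"
    echo "  confirm:        ovs-appctl bond/show $b"
done
```

After the change, each pfSense node should see the other's CARP advertisements (IP protocol 112), and only one node should report itself as master.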
 
Can confirm, balance-slb also caused problems over here. Reverting to active-backup solved it.
Can't test it with other settings, the switches aren't capable of other bonding methods.

proxmox-ve: 5.1-42 (running kernel: 4.13.16-2-pve)
pve-manager: 5.1-51 (running version: 5.1-51/96be5354)
pve-kernel-4.13: 5.1-44
pve-kernel-4.13.16-2-pve: 4.13.16-47
pve-kernel-4.13.13-6-pve: 4.13.13-42
pve-kernel-4.13.13-1-pve: 4.13.13-31
pve-kernel-4.13.4-1-pve: 4.13.4-26
pve-kernel-4.10.17-4-pve: 4.10.17-24
pve-kernel-4.10.17-3-pve: 4.10.17-23
pve-kernel-4.10.17-2-pve: 4.10.17-20
corosync: 2.4.2-pve4
criu: 2.11.1-1~bpo90
glusterfs-client: 3.8.8-1
ksm-control-daemon: 1.2-2
libjs-extjs: 6.0.1-2
libpve-access-control: 5.0-8
libpve-apiclient-perl: 2.0-4
libpve-common-perl: 5.0-30
libpve-guest-common-perl: 2.0-14
libpve-http-server-perl: 2.0-8
libpve-storage-perl: 5.0-18
libqb0: 1.0.1-1
lvm2: 2.02.168-pve6
lxc-pve: 3.0.0-2
lxcfs: 3.0.0-1
novnc-pve: 0.6-4
openvswitch-switch: 2.7.0-2
proxmox-widget-toolkit: 1.0-15
pve-cluster: 5.0-25
pve-container: 2.0-21
pve-docs: 5.1-17
pve-firewall: 3.0-8
pve-firmware: 2.0-4
pve-ha-manager: 2.0-5
pve-i18n: 1.0-4
pve-libspice-server1: 0.12.8-3
pve-qemu-kvm: 2.11.1-5
pve-xtermjs: 1.0-2
qemu-server: 5.0-25
smartmontools: 6.5+svn4324-1
spiceterm: 3.0-5
vncterm: 1.5-3
zfsutils-linux: 0.7.7-pve1~bpo9
 
