[SOLVED] pfSense, CARP and OVS

DoruB

Sep 11, 2017
Hi,

I'm trying to set up a HA pfSense cluster on two Proxmox hosts but I'm unable to make CARP and XMLRPC work between these two Proxmox hosts.
Each firewall will see itself as master (basically there is a split brain situation).

If I put both pfSense VMs on the same node the problem disappears -> so I ruled out downlink interfaces (tap) and pfSense configuration issues.

I tried different workarounds, none worked:
* setting interfaces to promisc (both downlinks & uplinks);
* disabling Proxmox nodes' firewall, SMURFS filter, NDP;

What might be the problem?

Are there some known compatibility issues which I don't know about?

I'm using:
Code:
proxmox-ve: 5.0-20 (running kernel: 4.10.17-2-pve)
pfsense 2.4.2
ovs 2.7.0

Thanks,
Doru
 
I fixed the issue, it was because of the bond0 mode, which was balance-slb. Apparently this mode handles multicast traffic in a rather complicated way. I've set the mode to active-backup and now everything works as expected.
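
A check for the misconfiguration identified in the post above, as an added example that is not part of the original thread: it scans a Proxmox-style interfaces file for OVS bonds set to balance-slb. The sample file and its interface names (eno1..eno4, bond0, bond1, vmbr0, vmbr1) are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): flag OVS bonds configured with
# bond_mode=balance-slb in a Proxmox-style /etc/network/interfaces file.

# Print the name of every OVSBond stanza whose ovs_options set balance-slb.
find_slb_bonds() {
    awk '
        function report() { if (is_bond && mode == "balance-slb") print name }
        # A new stanza begins: report the previous one, then reset state.
        $1 == "iface"    { report(); name = $2; is_bond = 0; mode = ""; next }
        $1 == "ovs_type" { is_bond = ($2 == "OVSBond"); next }
        # ovs_options may carry several key=value tokens; pick out bond_mode.
        $1 == "ovs_options" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^bond_mode=/) { mode = $i; sub(/^bond_mode=/, "", mode) }
            next
        }
        END { report() }
    ' "$1"
}

# Constructed sample: interface names are assumptions, not values from the thread.
write_sample() {
    cat > "$1" <<'EOF'
auto bond0
iface bond0 inet manual
    ovs_type OVSBond
    ovs_bridge vmbr0
    ovs_bonds eno1 eno2
    ovs_options lacp=off bond_mode=balance-slb

auto bond1
iface bond1 inet manual
    ovs_type OVSBond
    ovs_bridge vmbr1
    ovs_bonds eno3 eno4
    ovs_options bond_mode=active-backup

auto vmbr0
iface vmbr0 inet manual
    ovs_type OVSBridge
    ovs_ports bond0
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "bonds using balance-slb: $(find_slb_bonds "$sample")"
rm -f "$sample"
```

Run `find_slb_bonds /etc/network/interfaces` on each Proxmox node that carries CARP traffic; any bond it prints is a candidate for the change to active-backup described above.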
 
Can confirm, balance-slb also caused problems over here. Reverting to Active-backup solved it.
Can't test it with other settings, the switches aren't capable of other bonding methods.

proxmox-ve: 5.1-42 (running kernel: 4.13.16-2-pve)
pve-manager: 5.1-51 (running version: 5.1-51/96be5354)
pve-kernel-4.13: 5.1-44
pve-kernel-4.13.16-2-pve: 4.13.16-47
pve-kernel-4.13.13-6-pve: 4.13.13-42
pve-kernel-4.13.13-1-pve: 4.13.13-31
pve-kernel-4.13.4-1-pve: 4.13.4-26
pve-kernel-4.10.17-4-pve: 4.10.17-24
pve-kernel-4.10.17-3-pve: 4.10.17-23
pve-kernel-4.10.17-2-pve: 4.10.17-20
corosync: 2.4.2-pve4
criu: 2.11.1-1~bpo90
glusterfs-client: 3.8.8-1
ksm-control-daemon: 1.2-2
libjs-extjs: 6.0.1-2
libpve-access-control: 5.0-8
libpve-apiclient-perl: 2.0-4
libpve-common-perl: 5.0-30
libpve-guest-common-perl: 2.0-14
libpve-http-server-perl: 2.0-8
libpve-storage-perl: 5.0-18
libqb0: 1.0.1-1
lvm2: 2.02.168-pve6
lxc-pve: 3.0.0-2
lxcfs: 3.0.0-1
novnc-pve: 0.6-4
openvswitch-switch: 2.7.0-2
proxmox-widget-toolkit: 1.0-15
pve-cluster: 5.0-25
pve-container: 2.0-21
pve-docs: 5.1-17
pve-firewall: 3.0-8
pve-firmware: 2.0-4
pve-ha-manager: 2.0-5
pve-i18n: 1.0-4
pve-libspice-server1: 0.12.8-3
pve-qemu-kvm: 2.11.1-5
pve-xtermjs: 1.0-2
qemu-server: 5.0-25
smartmontools: 6.5+svn4324-1
spiceterm: 3.0-5
vncterm: 1.5-3
zfsutils-linux: 0.7.7-pve1~bpo9