Re: [pfSense] pfsense ha issues
Well. I did not tested that. I need to do that when I can switch carp cluster back online. I did rollback to single firewall as ha setup caused packet loss issues on production network (office). -- Eero 2017-12-12 22:26 GMT+02:00 Steve Yates <st...@teamits.com>: > I get the actual LAN IP back from a traceroute also so that's normal. In > the sense of "that's the router handling the packet" that makes sense. > > Do you get packet loss if you ping out from the pfSense? > > Steve > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Tuesday, December 12, 2017 2:01 PM > To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> > Subject: Re: [pfSense] pfsense ha issues > > Well, > > I did traceroute 8.8.8.8 and that shows traffic via 192.168.1.7 which is > primary firewall lan address. > > DHCP gives default route to 192.168.1.1 which is the carp vip. I got only > continuos packet loss to internet not to .1 (vip) or .7 addresses and carp > status is stable. (ie. primary firewall is master on all carp addresses) > > Eero > > 2017-12-12 21:55 GMT+02:00 Steve Yates <st...@teamits.com>: > > > They aren't swapping master/backup are they? If you turn off one of the > > two what happens? > > > > Not sure how you're determining traffic going to the .7 IP...? The > > gateway on a device on the LAN should be .1 (the "CARP" LAN IP). > > > > Are you getting packet loss if you ping the .1 address? The .7 address? > > Or just out to the Internet? > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > -Original Message- > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > > Volotinen > > Sent: Tuesday, December 12, 2017 1:03 PM > > To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> > > Subject: [pfSense] pfsense ha issues > > > > Hi, > > > > installed pfsense ha system on office. it works, but experiencing about > 25% > > packet loss. any idea why? switch issue? failover works fine. > > > > VIP lan gw ip is .1 but looks like traffic is going to .7 ip (normal ip > of > > fw) even dhcp offers .1 as gw. is this normal? > > > > Eero > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense ha issues
I get the actual LAN IP back from a traceroute also so that's normal. In the sense of "that's the router handling the packet" that makes sense. Do you get packet loss if you ping out from the pfSense? Steve -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Tuesday, December 12, 2017 2:01 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense] pfsense ha issues Well, I did traceroute 8.8.8.8 and that shows traffic via 192.168.1.7 which is primary firewall lan address. DHCP gives default route to 192.168.1.1 which is the carp vip. I got only continuos packet loss to internet not to .1 (vip) or .7 addresses and carp status is stable. (ie. primary firewall is master on all carp addresses) Eero 2017-12-12 21:55 GMT+02:00 Steve Yates <st...@teamits.com>: > They aren't swapping master/backup are they? If you turn off one of the > two what happens? > > Not sure how you're determining traffic going to the .7 IP...? The > gateway on a device on the LAN should be .1 (the "CARP" LAN IP). > > Are you getting packet loss if you ping the .1 address? The .7 address? > Or just out to the Internet? > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Tuesday, December 12, 2017 1:03 PM > To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> > Subject: [pfSense] pfsense ha issues > > Hi, > > installed pfsense ha system on office. it works, but experiencing about 25% > packet loss. any idea why? switch issue? failover works fine. > > VIP lan gw ip is .1 but looks like traffic is going to .7 ip (normal ip of > fw) even dhcp offers .1 as gw. is this normal? > > Eero > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense ha issues
Well, I did traceroute 8.8.8.8 and that shows traffic via 192.168.1.7 which is primary firewall lan address. DHCP gives default route to 192.168.1.1 which is the carp vip. I got only continuos packet loss to internet not to .1 (vip) or .7 addresses and carp status is stable. (ie. primary firewall is master on all carp addresses) Eero 2017-12-12 21:55 GMT+02:00 Steve Yates <st...@teamits.com>: > They aren't swapping master/backup are they? If you turn off one of the > two what happens? > > Not sure how you're determining traffic going to the .7 IP...? The > gateway on a device on the LAN should be .1 (the "CARP" LAN IP). > > Are you getting packet loss if you ping the .1 address? The .7 address? > Or just out to the Internet? > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Tuesday, December 12, 2017 1:03 PM > To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> > Subject: [pfSense] pfsense ha issues > > Hi, > > installed pfsense ha system on office. it works, but experiencing about 25% > packet loss. any idea why? switch issue? failover works fine. > > VIP lan gw ip is .1 but looks like traffic is going to .7 ip (normal ip of > fw) even dhcp offers .1 as gw. is this normal? > > Eero > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense ha issues
They aren't swapping master/backup are they? If you turn off one of the two what happens? Not sure how you're determining traffic going to the .7 IP...? The gateway on a device on the LAN should be .1 (the "CARP" LAN IP). Are you getting packet loss if you ping the .1 address? The .7 address? Or just out to the Internet? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Tuesday, December 12, 2017 1:03 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: [pfSense] pfsense ha issues Hi, installed pfsense ha system on office. it works, but experiencing about 25% packet loss. any idea why? switch issue? failover works fine. VIP lan gw ip is .1 but looks like traffic is going to .7 ip (normal ip of fw) even dhcp offers .1 as gw. is this normal? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] pfsense ha issues
Hi, installed pfsense ha system on office. it works, but experiencing about 25% packet loss. any idea why? switch issue? failover works fine. VIP lan gw ip is .1 but looks like traffic is going to .7 ip (normal ip of fw) even dhcp offers .1 as gw. is this normal? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
