[pfSense Support] Many CARP servers in seperate groups

Mon, 08 Dec 2008 12:32:43 -0800

Hi. I have 4 PFSense 1.2-release servers running. 2 are paired up to run one section of our network and 2 are paired up to run another section.
All 4 share the same networks (we have our servers fed out one pair and our clients out another). 


This has been running for a very long time through many versions just fine 
(over 18 months)



I added another pair and things went nutz. Switches flood, one ore more of 
the existing 4 pfsense servers randomly reboot one ore both of the third 
pair become unresponsive even at console.



The first pair has about 20 virtual ips and uses vhids 1-20, the second pair 
that runs our servers has about 200 virtual ips and uses vhids 10-240 (skips 
around a bit since we paired the vhid with ending octet of ip for 
simplicity). So I have noticed there are a few over lapping VHID's between 
the 2 groups and it seems to have been working fine thus far.



Now that I have added this thrid pair, I have had to use many of those same 
VHID's of pair 2 ranging from 30-240.As soon as I shutdown the thrid pair 
and reboot the other 4, things are normal again.A few times I had to hard 
reset several of the 4 since they become unresponsive throughout this.



I tried disabling carp on the thrid pair but it still fouls up. I trippled 
checked that there were no ip conflicts on any of the different subnets. I 
have pair 1 sync via lan interface which is on a subnet of its own not in 
common with the other 2 pairs. The second pair is set to sync on OPT1 which 
is in deed in common with the third pair only. I would stuff another nic in 
and use a cross over cable for carp sync but now, the third pair's 
motherboard will only support 5 nics and I would need a sixth to allow for 
that.


Interfaces are like this:

Pair 1 has 2 interfaces each - lan/wan

Pair 2 has 3 interfaces each - lan/wan/opt1

Pair 3 has 5 interfaces each - lan/wan/opt1/opt2/opt3


Our intention is to use only the thrid pair and pull down the first two 
pairs after we migrate it all over. The first two pairs were built on mobos 
that cant support more then 3 nics.



Do VHIDs have to be unuique per IP on the same physical wire to avoid 
conflicts with other CARP servers? We had similar floods when we first setup 
Pair1 to carp sync on LAN. It was flooding certain linksys and belkin WAPs 
out on subscriber sites. We switched it to sync to WAN and the issue went 
away.


Thanks in advance

Tim Roberts 



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Commercial support available - https://portal.pfsense.org























					Reply via email to