RE: [pfSense Support] CARP IP/Hyper-V/Hyper-V R2
On Mon, Nov 15, 2010 at 9:57 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote: I do not know a lot about Hyper-v but in VMWare for instance you can block frames with 'faked' mac-addresses. Probably you hit the same problem as CARP-packets have MAC-addresses 'not real' but specifically crafted. I'm sure that's exactly the problem, something in hyper-v changed to block/break that. Better to ask on a Microsoft forum why you can no longer use two MAC addresses on the same host. For what it's worth, I figured this out a few days back thanks to Evgeny's hint. On the virtual NICs on the Virtual Machine itself in Hyper-V R2, there is a checkbox labeled Allow MAC Address Spoofing (or something close to that). Checking that box allows the CARP addresses to work fine. smime.p7s Description: S/MIME cryptographic signature
RE: [pfSense Support] CARP IP/Hyper-V/Hyper-V R2
On 10-11-15 09:22 PM, Dimitri Rodis wrote: I recently migrated a pfSense virtual machine (version 1.2.2) that was running flawlessly on Hyper-V (first release) with 2 additional CARP IP addresses on the WAN interface for about 16 months. Over the weekend, I migrated that virtual machine over to a Hyper-V R2 machine, and all was well except that the 2 additional CARP IPs do not respond to traffic (although traffic to/from/in/out of the WAN's actual IP works fine). After rebooting nearly every piece of equipment between the servers and the ISP, the only thing that made the CARP IPs work again was migrating the virtual machine back to the original Hyper-V (non-R2) host. Any ideas on why CARP IPs wouldn't work on Hyper-V R2? Is there something since 1.2.2 that might change this? Thanks, Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com I do not know a lot about Hyper-v but in VMWare for instance you can block frames with 'faked' mac-addresses. Probably you hit the same problem as CARP-packets have MAC-addresses 'not real' but specifically crafted. Weird thing though in your e-mail is that you mention only one virtual machine... do you use CARP-IPs with one pfSense? if yes then why would you need such set up? Evgeny. I have several public IPs from the ISP, and need to use each of them for different purposes (SSL/TCP-443 for different sites services). I use CARP addresses for the rest of the IPs I've been given-then if I get the opportunity to add redundancy, they are already set up that way. Obviously the point is that the additional CARP addresses don't seem to function at all when pfSense is run under Hyper-V R2 as opposed to Hyper-V R1, and I am hoping to resolve that issue so that the old server can be formatted and upgraded and added to the cluster.. FWIW, both hosts are Dell PowerEdge 2900s *identically* configured, with the only exception currently being the of the amount of RAM, smime.p7s Description: S/MIME cryptographic signature
Re: [pfSense Support] CARP IP/Hyper-V/Hyper-V R2
On 10-11-16 12:19 PM, Dimitri Rodis wrote: On 10-11-15 09:22 PM, Dimitri Rodis wrote: I recently migrated a pfSense virtual machine (version 1.2.2) that was running flawlessly on Hyper-V (first release) with 2 additional CARP IP addresses on the WAN interface for about 16 months. Over the weekend, I migrated that virtual machine over to a Hyper-V R2 machine, and all was well except that the 2 additional CARP IPs do not respond to traffic (although traffic to/from/in/out of the WAN's actual IP works fine). After rebooting nearly every piece of equipment between the servers and the ISP, the only thing that made the CARP IPs work again was migrating the virtual machine back to the original Hyper-V (non-R2) host. Any ideas on why CARP IPs wouldn't work on Hyper-V R2? Is there something since 1.2.2 that might change this? Thanks, Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com I do not know a lot about Hyper-v but in VMWare for instance you can block frames with 'faked' mac-addresses. Probably you hit the same problem as CARP-packets have MAC-addresses 'not real' but specifically crafted. Weird thing though in your e-mail is that you mention only one virtual machine... do you use CARP-IPs with one pfSense? if yes then why would you need such set up? Evgeny. I have several public IPs from the ISP, and need to use each of them for different purposes (SSL/TCP-443 for different sites services). I use CARP addresses for the rest of the IPs I've been given---then if I get the opportunity to add redundancy, they are already set up that way. Obviously the point is that the additional CARP addresses don't seem to function at all when pfSense is run under Hyper-V R2 as opposed to Hyper-V R1, and I am hoping to resolve that issue so that the old server can be formatted and upgraded and added to the cluster.. FWIW, both hosts are Dell PowerEdge 2900s **identically** configured, with the only exception currently being the of the amount of RAM, It should be pretty easy to check. Under Hyper-V R2 do tcpdump and see whether packets with CARP IPs leave your virtual machine and physical host. And if you do not see them coming out of physical interface then this question should be addressed to Hyper-V community. Evgeny.
Re: [pfSense Support] CARP IP/Hyper-V/Hyper-V R2
On Mon, Nov 15, 2010 at 9:57 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote: I do not know a lot about Hyper-v but in VMWare for instance you can block frames with 'faked' mac-addresses. Probably you hit the same problem as CARP-packets have MAC-addresses 'not real' but specifically crafted. I'm sure that's exactly the problem, something in hyper-v changed to block/break that. Better to ask on a Microsoft forum why you can no longer use two MAC addresses on the same host. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] CARP IP/Hyper-V/Hyper-V R2
I recently migrated a pfSense virtual machine (version 1.2.2) that was running flawlessly on Hyper-V (first release) with 2 additional CARP IP addresses on the WAN interface for about 16 months. Over the weekend, I migrated that virtual machine over to a Hyper-V R2 machine, and all was well except that the 2 additional CARP IPs do not respond to traffic (although traffic to/from/in/out of the WAN's actual IP works fine). After rebooting nearly every piece of equipment between the servers and the ISP, the only thing that made the CARP IPs work again was migrating the virtual machine back to the original Hyper-V (non-R2) host. Any ideas on why CARP IPs wouldn't work on Hyper-V R2? Is there something since 1.2.2 that might change this? Thanks, Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com smime.p7s Description: S/MIME cryptographic signature
Re: [pfSense Support] CARP IP/Hyper-V/Hyper-V R2
On 10-11-15 09:22 PM, Dimitri Rodis wrote: I recently migrated a pfSense virtual machine (version 1.2.2) that was running flawlessly on Hyper-V (first release) with 2 additional CARP IP addresses on the WAN interface for about 16 months. Over the weekend, I migrated that virtual machine over to a Hyper-V R2 machine, and all was well except that the 2 additional CARP IPs do not respond to traffic (although traffic to/from/in/out of the WAN's actual IP works fine). After rebooting nearly every piece of equipment between the servers and the ISP, the only thing that made the CARP IPs work again was migrating the virtual machine back to the original Hyper-V (non-R2) host. Any ideas on why CARP IPs wouldn't work on Hyper-V R2? Is there something since 1.2.2 that might change this? Thanks, Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com I do not know a lot about Hyper-v but in VMWare for instance you can block frames with 'faked' mac-addresses. Probably you hit the same problem as CARP-packets have MAC-addresses 'not real' but specifically crafted. Weird thing though in your e-mail is that you mention only one virtual machine... do you use CARP-IPs with one pfSense? if yes then why would you need such set up? Evgeny.