[XS1930-12HP] CARP MAC gets falsely marked as static

Options
Fabian_S
Fabian_S Posts: 6 image  Freshman Member
First Comment
in Switch

I have set up two Virtual IPs using CARP on two separate OPNsense Firewalls:

grafik.png

WAN was assigned the MAC 00:00:5e:00:01:01 and LAN was assigned the MAC 00:00:5e:00:01:02

Firewall 1 is connected to Port 10 on the Switch and Firewall 2 is connected to Port 9.

For whatever reason, only the WAN VIP works properly and has it's MAC registered as Dynamic on the Switch. The LAN MAC wrongfully gets marked as "Type" Static.

grafik.png

Because of this, the OPNsense High Availability is broken. When the CARP MAC switches form one Firewall to the other, the Port on which the Switch forwards the traffic won't change and is stuck on Static. It will only work again if I restart the Switch.

Firmware V4.80(ABQF.4)

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,616 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    edited March 4

    Hi @Fabian_S

    We have experienced a similar issue on VMware vMotion and this issue is fixed by changing arp-learning mode. Could you help to change the arp-learning mode to ARP-request? Path: Menu > NETWORKING > ARP Setup > ARP Learning.

    If the issue still exist after changing, please let me know.

    Zyxel Melen


  • Fabian_S
    Fabian_S Posts: 6 image  Freshman Member
    First Comment

    Thanks for getting back to me!

    I changed the setting about a week ago but unfortunately, the issue persists. I don't know why Changing an ARP setting would affect the MAC Table anyway? The Port stayed on "Dynamic" for some time but now it's stuck on "Static" again.

    Currently, my nearly 700€ switch is unusable because it disturbs my firewall cluster…

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,616 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @Fabian_S

    May I confirm that you have changed the ARP Learning mode to ARP request option, but the issue still exists?

    If so, please let us know and allow us to replicate in our lab first.

    Zyxel Melen


  • Fabian_S
    Fabian_S Posts: 6 image  Freshman Member
    First Comment
    edited March 12

    Yep, I changed the ARP Learning mode, saved the config and restarted the switch. The after the reboot, the port was set to Dynamic but changed to Static after a while.

    grafik.png


    But just now I checked again and it changed back to Dynamic? (yesterday it was on Static)

    grafik.png

    I run OPNsense (where the VIP is configured) on proxmox, with the LAN vmbr0 Linux bridge assigned as Interface

    OPNsense Virtual IPs:

    grafik.png

    OPNsense Interface assignments:

    grafik.png

    the LAN Interface is bound to the vmbr0 bridge on the proxmox VM:

    grafik.png


    Please note, that only the VIP 10.0.0.250 has this problem, the WAN VIP 172.16.1.6 doesn't. The WAN Interface is a proxmox SDN VLAN VNet in the VLAN 1000 (where as the 10.0.0.250 VIP is in the access VLAN 1 so that all clients can use it as gateway).

    Port VLANs:

    grafik.png
  • Fabian_S
    Fabian_S Posts: 6 image  Freshman Member
    First Comment

    Just checked and today it's on Static again…

    grafik.png
  • Fabian_S
    Fabian_S Posts: 6 image  Freshman Member
    First Comment

    And today it's back to Dynamic…

    grafik.png

    This is a critical bug which currently renders the switch useless. I can't fathom how the Port type can switch to Static in the first place, the documentation clearly states that it should also be Static if a MAC Forwarding rule was created manually.

Categories

Switch Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)