Welcome to the blog of mechanised.com

This blog is mainly a technical repository of information on virtualisation tools and management for our hosting service, and on the HP BladeSystem that we use at both our datacentres.

Other articles are also included on .Net development and MS SQL Server as well as other interesting things we come across.

Sunday, 26 April 2009

VMware ESXi problem with NIC teaming and CARP with virtual firewall/router

This was a very tricky one to track down: a failover firewall configuration would never promote its CARP IPs to MASTER status.

It turns out you must have only a single NIC on a vSwitch when a guest VM on it is being used as a MASTER for CARP; otherwise it will always show as BACKUP.

You can't even have a NIC in the standby list; the second NIC has to be removed completely.

There may well be a setting in the advanced options somewhere that gets this to work. If anyone has done this, please let us know!

2 comments:

noreps said...

I actually had the same problem, but not being able to have failover wasn't the solution. So what we did was to stack 2 switches and run link aggregation over the ports that were connected to VMware. Be very careful and make sure that the failover policy is "Route based on ip hash" when using link aggregation.

Seth Everson said...

Old post, but I figured I'd update since I found you on Google.

Turns out you need to set an Advanced setting for the hosts on this VMware portgroup.

Set Net.ReversePathFwdCheckPromisc to 1. This prevents these packets from going out 1 interface on the team and back on the other.
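An added example, not part of the original post or its comments: one way to check and apply the Net.ReversePathFwdCheckPromisc setting from the second comment on an ESXi host's shell, confirming the change by reading the value back. It assumes an ESXi release whose shell provides the `esxcli system settings advanced` namespace and prints the value on an `Int Value:` line; the function names `rpf_current` and `rpf_ensure` are made up for this example.

```shell
#!/bin/sh
# Added example: audit and set Net.ReversePathFwdCheckPromisc on one ESXi host.
# Assumption: esxcli prints the current value on an "Int Value: N" line.
OPT=/Net/ReversePathFwdCheckPromisc

# Print the current integer value of the option (prints nothing if unreadable).
# The anchored pattern skips the "Default Int Value:" line.
rpf_current() {
    esxcli system settings advanced list -o "$OPT" 2>/dev/null |
        sed -n 's/^ *Int Value: *\([0-9][0-9]*\) *$/\1/p'
}

# Make sure the option is 1.
# Returns 0 if it was already 1 or was changed, 1 if the value could not be
# read, 2 if the change was rejected or did not stick.
rpf_ensure() {
    cur=$(rpf_current)
    case "$cur" in
        1) echo "$OPT already 1"; return 0 ;;
        0) ;;
        *) echo "cannot read $OPT" >&2; return 1 ;;
    esac
    esxcli system settings advanced set -o "$OPT" -i 1 || return 2
    if [ "$(rpf_current)" != "1" ]; then
        echo "$OPT still not 1 after set" >&2
        return 2
    fi
    echo "$OPT changed 0 -> 1"
}

# Run as "sh thisfile.sh --apply" on the host; without the flag the file only
# defines the functions, so it can be sourced for a read-only rpf_current check.
if [ "${1:-}" = "--apply" ]; then
    rpf_ensure
fi
```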