Regression #14026
openCARP backup node is unable to ping master node CARP VIP address
0%
Description
This was brought up by a customer and I am able to reproduce it.
Master 10.41.1.252
Backup 10.40.1.253
CARP 10.40.1.254
10.40.1.253 is unable to ping 10.40.1.254 on 23.01, but is able to on a 22.05 install.
When pinging 10.40.1.253 > 10.40.1.254 and using packet capture it shows packets reaching 10.41.1.252 and replies making it back to 10.41.1.253, but ping never sees the response. There are no blocked entries in the firewall logs.
Related issues
Updated by Jonathan Lee 11 months ago
Have you seen this post others are having this issue too.
Updated by Marcos M 10 months ago
For reference:
This is due to source validation which is now being enabled by default. To return the previous behavior, set net.inet.ip.source_address_validation
and net.inet6.ip6.source_address_validation
to 0
.
ref: IPv4 commit , IPv6 commit
Updated by Marcos M 10 months ago
- Related to Feature #11369: add Enabling IPv6 Source Address Validation support added
Updated by Jim Pingle 8 months ago
- Has duplicate Bug #14798: can't ping VIP addresses from the secondary node added
Updated by Jim Pingle 8 months ago
- Subject changed from CARP backup is unable to ping master via CARP IP. to CARP backup node is unable to ping master node CARP VIP address