Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses
Configuring an IPv6 CARP VIP with a link local sync peer address does not appear to function properly. I've tried with and without a scope added to the address and in either case it does not appear to communicate with the peer. I made sure both peers were using the LL address of the other peer, but both claim MASTER status. If I change the peer to a non-LL address it works immediately.
Users can use non-LL sync peer addresses as a workaround, even if the VIP itself is LL.
If this is expected or not a valid use case, if that is the case we can document it as such.
Updated by Jim Pingle 7 months ago
Added note about this limitation to the docs: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/67a457244248d481f6cdba1676ea90f3bedcd879
Updated by Kristof Provost 7 months ago
- Status changed from New to Feedback
Fixed upstream in https://cgit.freebsd.org/src/commit/?id=c2c28c0fa2e44caf1671b4dbf94167f686c3c411
Merged into devel-main, so it'll be fixed in 2.7 snapshots soon. It'll get merged into plus-devel-main later.
Updated by Kristof Provost 6 months ago
So the fix was already in 2.7 BETA, and was also cherry-picked to the plus-RELENG_23_05 branch in case of future point releases, but it wasn't in plus-devel-main for 23.09 snapshots.
It would have made it in the next time we did a merge from upstream, but I've now cherry-picked it so it'll be in tomorrow's snapshot build.
Updated by Jim Pingle 5 months ago
- Status changed from Feedback to Resolved
Confirmed fixed here as well. I can set an LL on the VIP peer and it communicates as expected and reflects the proper CARP status as the other VIPs do.
There is still a potential issue with the address it chooses when doing XMLRPC sync but that's covered by #14392.