Bug #15622: IPv6 CARP uses wrong VHID Mac - pfSense - pfSense bugtracker

Actions

Copy link

Bug #15622

closed

IPv6 CARP uses wrong VHID Mac

Added by eelco bel about 1 year ago. Updated about 1 year ago.

Status:

Needs Patch

Priority:

Normal

Assignee:

Category:

FreeBSD

Target version:

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Default

Affected Version:

2.7.2

Affected Architecture:

Description

pfsense uses the IANA VRRP defined virtual MAC addresses for CARP v4. This is great and valid, unless you are configuring a IPv6 CARP address with the same VHID.

PFSense seems to use the same mac format for IPv4 and IPv6 adresses, which does not follow the formats defined by RFC5798, defined in section 7.3. https://datatracker.ietf.org/doc/html/rfc5798#section-7.3

The virtual router MAC address associated with a virtual router is an IEEE 802 MAC Address in the following format:

IPv4 case: 00-00-5E-00-01-{VRID} (in hex, in Internet-standard bit-order)
IPv6 case: 00-00-5E-00-02-{VRID} (in hex, in Internet-standard bit-order)

This bug poses issues when configuring a cluser of firewalls the correct way, with the same VHID for IPv4 and IPv6.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #15622

IPv6 CARP uses wrong VHID Mac

Updated by Jim Pingle about 1 year ago