Bug #2011
closed
Two NICs running CARP on the same network segment generate log flood
0%
Description
Hello,
I am running pfSense with two NICs running CARP on the same VLAN of the same switch. It happens that in the firewall log I have a lot of entries (really thousands per minute!). The full description of the situation is in this forum post:
http://forum.pfsense.org/index.php/topic,43102.0.html.
In the end I found out that this happens because of this change:
http://redmine.pfsense.org/issues/598
The rule involved is:
block in log quick proto carp from (self) to any
What I ask myself is that if it is possible to not to log this events or to rewrite this rule in order to allow two NICs running CARP in the same network segment without blocking the other NICs CARP packets (this should be much better, but I really don't know if it's possible).
If not there is no other solution than moving the two NICs on different switches/VLANs. But in this case the issue should be documented somehow, because until now it is not documented at all.
Updated by
Updated by Michele Di Maria about 14 years ago
maybe it's the case to put a line here about that:
http://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting
Probably to put only one NIC per network segment is one of the basic "best practices", but I swear I didn't find it anywhere in the documentation...
Something like:
"It is suggested to use only one NIC for each network segment (switch or VLAN) in order to avoid flooding of logs related to the block of CARP broadcast coming from the same box. This block is necessary to avoid layer 2 issues in certain conditions. "
What do you think about it?
Thanks,
Michele