ucarp and vmware esxi

i’ve moved a linux router from a 9yo physical box to a vm running under esxi 6.5. it’s the designated master in a master / slave pair managed by ucarp. it took me a while to figure out why it was not working – why didn’t the slave ‘see’ the master machine?

as it turned out, the broadcast packets generated by the master did not reach the slave machine; in fact they never even reached the physical network card of the vmware server hosting the master node. i had to go to the network settings > vswitch and, in the security options, select accept for forged transmits. after that the vrrp broadcast packets reached the physical network segment and, via it, the designated slave router that had been virtualised earlier.

why is that needed? UCARP sends ‘alive’ packets with a spoofed source MAC address of 00:00:5e:xx:xx:xx, and vmware, by default, does not pass frames from its hosted machines to the network when their source MAC address is not the one assigned to the virtual network card.

Source MAC selection is in carp.c. It’s not a whim of UCARP’s author but rather part of the VRRP spec.
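To make the filtering concrete, here is a small model of the forged-transmits decision applied to a UCARP-style frame. It is an added example, not code from UCARP or VMware; the function names, the vNIC MAC, the low bytes of the virtual MAC and the payloads are all constructed for illustration.

```python
import struct

IANA_OUI = bytes.fromhex("00005e")  # prefix of the source MAC quoted in the post

def mac_bytes(text: str) -> bytes:
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return raw

def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Build an untagged Ethernet II frame (constructed test input)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload

def vswitch_egress(frame: bytes, vnic_mac: str, forged_transmits: str) -> dict:
    """Model the port's decision for a frame the VM transmits.

    forged_transmits is 'accept' or 'reject' (the vSwitch security option).
    """
    if forged_transmits not in ("accept", "reject"):
        raise ValueError("policy must be 'accept' or 'reject'")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    _dst, src, _ethertype = struct.unpack("!6s6sH", frame[:14])
    # A transmit is "forged" when its source MAC differs from the vNIC's MAC.
    forged = src != mac_bytes(vnic_mac)
    return {
        "src": ":".join(f"{b:02x}" for b in src),
        "forged": forged,
        "iana_oui": src[:3] == IANA_OUI,
        "forwarded": (not forged) or forged_transmits == "accept",
    }

# Constructed sample values: the vNIC MAC, the low bytes of the virtual MAC
# and the payloads are made up for this example.
VNIC_MAC = "00:50:56:aa:bb:cc"
ADVERT = build_frame("ff:ff:ff:ff:ff:ff", "00:00:5e:00:00:2a", 0x0800, b"\x00" * 46)
NORMAL = build_frame("ff:ff:ff:ff:ff:ff", VNIC_MAC, 0x0806, b"\x00" * 46)

if __name__ == "__main__":
    for policy in ("reject", "accept"):
        for name, frame in (("advert", ADVERT), ("normal", NORMAL)):
            print(policy, name, vswitch_egress(frame, VNIC_MAC, policy))
```

Note that accept forwards any source MAC the VM chooses, not only the 00:00:5e one, so the option is best overridden on the port group that carries the router rather than on the whole vSwitch.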
