Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

procurce 2524 and CARP and 50% packet loss

Sebastian Reitenbach
Occasional Contributor

procurce 2524 and CARP and 50% packet loss

Hi,

I have two 2524 switches, one with latest available firmware, after a factory reset.

I have one untagged VLAN to ports 1-4 and a second one for the rest of the ports.

I have two firewalls working as a HA cluster, running OpenBSD and using CARP.

The first VLAN is in front of the firwalls, the Internet, the second one is for the DMZ. In the DMZ is a server plugged in. When I ping from hte DMZ server to the shared DMZ IP address of the firewall, in the same VLAN, then I have a packet loss from about 50%.

the same configuration works very well on a 2650, but these I want to use for other things.

I already contacted HP support, sent them logs... but they had no clue what the problem is. They said, ask design center, or here in the forum. Therefore I asked the design center, they said, CARP shall be no problem.

As nobody definitly said it is impossible, I wanted to ask here before I ask again at the support center.

anybody has a hint what can cause the packet loss and how i can get rid of it?

kind regards
Sebastian
2 REPLIES
Matt Hobbs
Honored Contributor

Re: procurce 2524 and CARP and 50% packet loss

Hi Sebastian,

I believe this is happening because the firewalls probably share the same virtual mac-address for their HA functionality.

The 2500 series only have a single mac-address table, whereas the newer products such as the 2600's have a mac-address table per VLAN.

There's some information about this in the VLAN chapter of the management and configuration guide... you can also find it here:

http://www.hp.com/rnd/support/faqs/23xx_25xx.htm#question27

Please assign points to any posts that you receive here.

Matt
Sebastian Reitenbach
Occasional Contributor

Re: procurce 2524 and CARP and 50% packet loss

Hi Matt,

first, thanks for your answer, second, you are right, the firewalls share a virtual MAC address. after reading the explanation, I understand that I can forget to get it working as I thought it should.

Sebastian