Netgate Discussion Forum

    [SOLVED] CARP Cluster, what will happen if I bring back my backup online after configuration change?

    • Yathus

      Hello,

      Today we changed some network configuration with the ISP and, in an emergency break, we had to stop our backup HA CARP (some IP aliases stuck on the backup).

      Our config was 1 IP CARP with X IP aliases on it.

      After the emergency we now have X+1 IP CARP on the primary, and the backup is shut down with the old configuration.

      What will happen if we start the backup?

      Is there a risk of conflict at start-up?

      Thanks

      Yathus

      • w0w @Yathus

        @Yathus
        It depends on what CARP settings you have configured. Usually, on the primary firewall, you should check all the options for the settings you want to synchronize, and on the secondary, you should leave everything unchecked for synchronization, as far as I remember.

        https://docs.netgate.com/pfsense/recipes/high-availability.html#configure-configuration-synchronization-xmlrpc

        Configuration synchronization must only be configured on the primary node.
        Never activate options in this section on the secondary node of a two-member cluster.

        In theory, there shouldn't be any problems when you boot the secondary firewall if this is done correctly. If you're unsure, you can go to Status > CARP and temporarily disable CARP on the primary firewall to check whether the secondary has the correct settings.

        • Yathus @w0w

          @w0w

          Thanks, so in the process, the backup node won't do anything on startup, then will be synced with the new config pushed from the primary?

          • netblues @Yathus

            @Yathus The backup node will come up as backup status, and configuration replication will replicate latest changes, when you make at least one change on primary.

            • w0w @Yathus

              @Yathus
              Yes. Boot your secondary (backup) firewall, then go to System > High Availability on the primary node and click the Save button. This will force a configuration sync if it didn’t occur during boot.

              • Yathus

                OK, we started this night and the backup node tried to take "Primary" on the two CARP IPs; the backup node didn't come up in backup status, so...

                We had to disable CARP on the backup, then we synced the configuration from the primary and enabled CARP on the secondary.

                It wasn't a major incident because we were prepared and had planned it during the night, but it didn't work out as planned.

                • w0w @Yathus

                  @Yathus said in [SOLVED] CARP Cluster, what will happen if I bring back my backup online after configuration change?:

                  OK, we started this night and the backup node tried to take "Primary" on the two CARP IPs; the backup node didn't come up in backup status, so...

                  I think this is expected behaviour until it is synced, if it is possible to sync at all.

                  I'm glad everything worked out for you.

                  I'd like to slightly correct your terminology, which is also referenced in the documentation. Refer to the firewalls as Primary and Secondary—these are their permanent roles. Only their status changes, which can be either Master or Backup.

                  And for the future, if everything is set up correctly, there's no need to power off the Secondary firewall at all. It should properly synchronize what it needs to. If synchronization of certain settings isn't possible, use Maintenance Mode or Disable CARP, provided it doesn't cause conflicts in the network.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.