HA not switching for all interfaces at the same time to other node
-
I have a simple 2 node LAN/WAN setup, but it looks like having the CARP VIP/being master on node1 or node2 is on the interface level and not global.
If I unplug the WAN cable from node1 I can see the CARP master role for WAN moving from node1 to node2. However, node1 still is master on the LAN, responding on the LAN CARP VIP.
To me this split situation seems weird and incorrect, causing the LAN<->WAN traffic to halt. Shouldn't all interfaces move at the same time from master to slave and vice versa? Can't see how this should work if that's not the case. What am I missing here? Did I just misconfigure something?
-
@wickeren can you share how you configured the HA, did you follow the "High Availability Configuration Example"? And what pfSense version are you using?
-
Yes, did follow https://docs.netgate.com/pfsense/en/latest/recipes/high-availability.html.
pfSense 2.7.2 involved here.
-
@wickeren can you share pictures of the CARP interface configs, the sync interface and the relevant firewall rules?
-
Have you figured this out?
I currently don't have this problem, but will have this problem once I move my WAN interface from a VLAN to an actual physical interface (currently a bad cable will have impact on all my CARP IPs, as they all run through the same cable)
-
Nope, it's still the same. If only one interface fails for some reason, you end up in a split situation and it's not working.
-
I thought there was a doc page on this but can't find it. Maybe it was a forum post. All I can say is, it's supposed to move both.
https://docs.netgate.com/pfsense/en/latest/highavailability/test.html#test-carp-failover
notably, "Unplug the WAN or LAN cable" (my bold)
I tried a quick search and found some really old stuff like https://www.reddit.com/r/PFSENSE/comments/4yebk5/comment/d6s45xk/ but note Jim-P I'm pretty confident is https://www.netgate.com/blog/author/jim-pingle.