Doubts on CARP/HA/DUALWAN

SteveITS

@chano76 Define "disconnects"? As in, unplugged, or the gateway is marked down?

w0w

@chano76
What is the pfSense version?
How did you configure the failover group?

chano76

Hi everyone, thank you for taking the time to respond, and my apologies for the delayed reply.
yes, @SteveITS disconnects as in, unplugged,
Pfsense 2.7.2
@w0w Both ISP are on th same tier
From what I've been reading, it seems that what I'm experiencing is expected behavior. If the cable from one ISP is unplugged and the interface is detected as offline, it triggers a router failover. However, if the gateway becomes unresponsive, then it switches to the other ISP.
It would be interesting to know if this behavior can be modified so that a WAN interface going offline due to a cable disconnection does not trigger a router failover, but still allows for an ISP switch, provided that the SYNC interface is receiving data and there is a secondary WAN available.
Thank you for your time!

netblues

@chano76 Please describe in detail how the wan connections are implemented

pppoe? dhcp? nat behind a cpe device? Routed /29 subnet?

chano76

Fixed IP on both ISP, The CPE devices are bridged and the subnet is /29 in both ISP´s. 3 Ip adreses each, R1, R2, anda VIP´s.

w0w

@chano76 said in Doubts on CARP/HA/DUALWAN:

it seems that what I'm experiencing is expected

In a way, yes, this behavior is expected. I assume that in your case the WAN link goes down only on the master pfSense?

chano76

@w0w yes, only unplugged R1 WAN ethernet. Is it possible to change this behavior?

netblues

@chano76 Yes, there is a way to do this, but it has some drawbacks.
Actually what you are facing is by design.

This can be done properly only by running bgp, with own AS no and being multihomed to both Isp's.
Then you just need the vips for local redundancy, and you leave isp failover at the bgp level.

In your case, don't use a vip for the wan, just different ip's from /29.
If a cable, or cpe or connection fails, pf wil switch gateways but it will not failover.

Use vips only for lan side connections.
This of course means that you will loose stateful failover, but loosing local resources is much more controllable than wan.

It is also tricky at the gateway level, you need dummy entries so as to have configuration being synced automatically to both instances, without getting your settings on the secondary pf being overwritten,

I have done this with multiple pppoe connections over the same cpe. The goal there was to have both connections up, for administrative purposes, and it works like this.

w0w

@chano76

Everything is doable, but the real questions are at what cost and, more importantly, for what purpose. If, in practice, you will never have a situation where the cable is unplugged from only one firewall, then you probably won’t encounter this issue.

When a cable is pulled, pfSense immediately marks the VIP as down, because of link state, sets the CARP demotion value to 240, and the node drops to BACKUP. If you want to prevent that behavior, you must make sure the link never goes down. When there is nothing between pfSense and the ISP, add your own unmanaged switch; that way, if the provider’s equipment fails, the Multi-WAN gateway group will fail over, but the firewalls will not swap CARP roles.

chano76

I agree with WoW that, even though it can be done, it's a level of complexity I don't really need. If, in real-world experience, a server switch is triggered just because a cable gets unplugged, I’ll see how I can work around it.
@netblues thanks a lot for showing me a possible solution to my concern!
Thank you very much to both of you for sharing your konowledge and time!!