Can't Upgrade from 2.2.6 in HA environment?
-
I have both. I think I know what's going on - my provider (upstream) is pointing all traffic at the WAN CARP VIP so while it goes outbound, its return path is sending it back to the WAN CARP VIP rather than the secondary unit. Since this is what's recommended per the HA documentation, what is the workaround for this?
-
Normally each unit has its own separate WAN IP Address, plus the shared CARP address. The secondary should still be able to reach outbound from its own WAN IP address, it's not usually a problem.
-
They do - Primary is at .203, Secondary is at .205 - CARP is at .204 and I have the provider sending all traffic to the .204 address.
-
Can the secondary ping out to an Internet host by IP address at all? Maybe 8.8.8.8 or 8.8.4.4?
-
No, it can't, but I wouldn't expect it to since all replies destined for the WAN address would be routed to the CARP VIP, which isn't active when it's in backup mode?
-
No. Its own IP address has nothing to do with CARP directly and should always have connectivity.
-
I checked with my host and everything is routed correctly. Am I not seeing something in my NAT setup (hybrid mode):
![8-24-2016 11-42-16 AM.jpg](/public/imported_attachments/1/8-24-2016 11-42-16 AM.jpg)
-
Anybody?
-
Pretty much impossible to say with you obfuscating all the addresses. Details matter when you're asking for help.
You seem to have a fundamental misunderstanding about how things work.
Your ISP should not care if connections outbound come from either node's WAN address or the CARP VIP. They should all be equally-routable as far as they are concerned. If that is not the case you should take it up with your ISP.
-
I mask the addresses for a reason - I have been in IT for nearly 20 years now and I've seen my share of script kiddies and wannabes who troll sites like this looking for "inside information". This is the first forum that I've ever seen it be a problem in solving an issue. So here is the information you're looking for... you can tell me if it helps, but I'm guessing probably not?
I apologize for my mis-explanation of the routing - the WAN is a single block of 3 usable IPs consisting of each WAN IP and the CARP VIP. Then I have a ton of 1 to 1 mappings going on for several other IP blocks, and all of those are routed to the CARP VIP... the 3 IPs on the WAN side are routed to themselves (Primary to Primary, Secondary to Secondary and CARP VIP to CARP VIP). I have not only confirmed this routing with my host, but they also told me they are getting no ARP replies from the secondary box either...
![8-24-2016 11-42-16 AM.jpg](/public/imported_attachments/1/8-24-2016 11-42-16 AM.jpg)