    Only particular failure - WAN issues

    A Former User

      Hi,

      I have set up two nodes CARP. Works fine so far.
      Going to "Status -> CARP (failover)" I can see the current state. Clicking (on the current master) "Enter persistent CARP maintenance mode", it fails over to the second node and there is only a minimal interruption in network connection.

      BUT when I simulate the failure of a single NIC (i.e. by disabling the switch port) the secondary takes control of the failing interface and is now master for just this interface. Sounds good.

      But unfortunately no Internet/WAN connection can be made at this stage. LAN can reach the virtual IP (now at the secondary pfSense) but it cannot go further in the direction of the WAN.

      I assume this has something to do with my NAT configuration. I have created a CARP interface for WAN, too. Virtual IP there is .99. To which IP-address do I have to configure my NAT?

      1.
      When configuring it for .99 (virtual) it is failsafe. But it does not cover the "single interface failure" I tested above (because it NATs to .99 on both active WAN interfaces).

      2.
      When configuring it for the correct address (.201 for master, .202 for backup) connections will be lost during a failover, right?

      So what might be the solution for this scenario?

      Thanks!

      Derelict (LAYER 8, Netgate)

        Is the primary node actually seeing the interface go down? That is what is necessary to trigger a failover. It will fail over just fine with an actual interface failure. Even only one of many.

        CARP does not protect against a failure at Layer 2. That is up to you to provide Layer 2 redundancy in addition to Layer 3.

        It has zero to do with NAT.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
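Added example, written for this thread and not code from either poster or from Netgate: a small Python checker that parses the per-VHID `carp:` lines that FreeBSD `ifconfig` prints on each pfSense node and reports the conditions the thread touches on: a VHID with no MASTER anywhere, a VHID that is MASTER on both nodes (the nodes are not hearing each other's advertisements), and the asymmetric case from the first post, where one node is MASTER for one interface and the other node is MASTER for the rest. The interface names (em0 as WAN, em1 as LAN), the VHIDs and all sample output below are constructed; in practice the two inputs would be the `ifconfig` output collected from each node.

```python
import re

# Constructed sample output, modelled on the per-VHID "carp:" lines that
# FreeBSD `ifconfig` prints on pfSense. Interface names, VHIDs and states
# are hypothetical: em0 stands for WAN (vhid 1), em1 for LAN (vhid 2).
# This pair shows the asymmetric state from the thread: the secondary
# took over WAN only, while the primary still holds LAN.
PRIMARY_SPLIT = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tcarp: BACKUP vhid 1 advbase 1 advskew 0
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tcarp: MASTER vhid 2 advbase 1 advskew 0
"""
SECONDARY_SPLIT = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tcarp: MASTER vhid 1 advbase 1 advskew 100
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tcarp: BACKUP vhid 2 advbase 1 advskew 100
"""
# Healthy pair derived from the same constructed text: primary holds both VHIDs.
PRIMARY_OK = PRIMARY_SPLIT.replace("BACKUP vhid 1", "MASTER vhid 1")
SECONDARY_OK = SECONDARY_SPLIT.replace("MASTER vhid 1", "BACKUP vhid 1")

CARP_RE = re.compile(r"carp:\s+(MASTER|BACKUP|INIT)\s+vhid\s+(\d+)")


def parse_carp(ifconfig_text):
    """Map vhid -> (interface, state) from one node's ifconfig output."""
    states = {}
    iface = None
    for line in ifconfig_text.splitlines():
        if line and not line[0].isspace():
            iface = line.split(":", 1)[0]   # "em0: flags=..." -> "em0"
            continue
        m = CARP_RE.search(line)
        if m and iface:
            states[int(m.group(2))] = (iface, m.group(1))
    return states


def check_cluster(nodes):
    """nodes: {node_name: parse_carp(...)}. Returns a list of findings (empty = healthy)."""
    findings = []
    all_vhids = set().union(*nodes.values()) if nodes else set()
    master_of = {}
    for vhid in sorted(all_vhids):
        holders = [n for n, s in nodes.items() if s.get(vhid, ("", ""))[1] == "MASTER"]
        if not holders:
            findings.append(f"vhid {vhid}: no MASTER on any node, VIP is unreachable")
        elif len(holders) > 1:
            findings.append(f"vhid {vhid}: MASTER on {', '.join(holders)} at once, "
                            "nodes are not seeing each other's CARP advertisements")
        else:
            master_of[vhid] = holders[0]
    # The asymmetric case: every VHID has exactly one MASTER, but not the same node.
    if len(set(master_of.values())) > 1:
        detail = ", ".join(f"vhid {v} on {n}" for v, n in master_of.items())
        findings.append(f"MASTER role split across nodes ({detail}); each node only "
                        "forwards through its own interfaces, so no node holds a complete path")
    return findings


if __name__ == "__main__":
    for label, pri, sec in (("split", PRIMARY_SPLIT, SECONDARY_SPLIT),
                            ("healthy", PRIMARY_OK, SECONDARY_OK)):
        result = check_cluster({"primary": parse_carp(pri), "secondary": parse_carp(sec)})
        print(label, "->", result or ["no findings"])
```

Running the script on the constructed split pair produces a single finding naming which node holds which VHID; the healthy pair produces none. Because this only reads interface state, it says nothing about why a VHID moved, which is the Layer 2 question raised in the reply above; it just makes the asymmetric state visible so it can be correlated with link events on the switch.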
