Netgate Discussion Forum

    HA CARP - IPv6 Two masters

    • whisk0r

      I'm seeing exactly this problem on 2 pairs of (vm) firewalls running 2.4.3-RELEASE-p1 (amd64) - carp works perfectly on v4, but v6 gets into master-master state. Rebooting the secondary solves it.

      Both pairs are new builds with config restored.

      Happy to provide any debug info that would help.

      Thanks

      Ed

      • Derelict LAYER 8 Netgate

        Something related to the issues outlined above or something that works then spontaneously goes MASTER/MASTER?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • whisk0r

          It seems to be exactly the same symptoms, but I've checked there's no leading 0's in the ipv6 address, and it's all in lower case. It got into the master-master state when doing a failover to the secondary and back again.

          • Derelict LAYER 8 Netgate

            You are going to have to provide more details. You might consider starting another thread since you are probably looking at a different problem, a layer 2 issue, or a misconfiguration.

            • SteveITS Rebel Alliance @whisk0r

              @whisk0r Just lurking by... I have seen this behavior (WAN IPv6 on router2 left as Master) for a while. I've been using the general process:

              upgrade router2
              Enter Persistent Maintenance Mode on router1
              upgrade router1
              Leave Persistent Maintenance Mode

              ...and router2 has the one IPv6 stuck on Master and needs a restart.

              I do know it happened several times on 2.3.x and 2.4.x upgrades when we were running pfSense under VMs, under Virtuozzo. Possibly not every time. We have since installed two Netgate SG-4860, and our last ticket to upgrade to 2.4.3 (the only upgrade since the 4860s) didn't specifically say we had this issue then.

              • Derelict LAYER 8 Netgate

                I never see that. You probably want to check that VIP for any of the issues described above.

                • SteveITS Rebel Alliance

                  Since I opened my mouth I felt obligated to test this tonight. I entered persistent maintenance mode a couple times and did not see issues switching back. So I suppose it might be related to our prior setup.

                  It didn't happen every time, but I'd say a majority of the time. Then again I seem to recall it happening occasionally just entering and leaving persistent maintenance mode so I don't think it's related to the upgrading process.

                  The VIPs are lower case and have no leading zero, however the LAN IP is "2607:xxxx:0:4c::1/64 (vhid: 154)" with a lone zero in there. Note it was the WAN IP that got stuck in dual Master (2607:xxxx::12/125 (vhid: 153)).

                  • yarick123 @Derelict

                    @derelict I have just experienced an interesting mutation of the issue https://redmine.pfsense.org/issues/6579 . My IPv6 CARP virtual address was ending with zero: fddf:c8:4011:13:: . Writing it exactly so was not possible in "Firewall / Virtual IPs / Edit" - I got the following error message:

                    The following input errors were detected:
                    
                     * The network address cannot be used for this VIP
                    

                    so, I had to put down fddf:c8:4011:13::0 . It caused the described problem. After changing the CARP address to fddf:c8:4011:13::100 the problem went away.

                    I added this information also to the issue.

                    P.S. I am using the latest pfSense: 2.4.4-RELEASE-p2
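
The address spellings this thread checks for (leading zeros, upper case, a written-out trailing `::0`) can be audited against the canonical RFC 5952 text form before a VIP is entered. This is an added example, not code from pfSense or from any poster; `audit_vip`, the `2001:db8` sample addresses and the `/64` prefix on the `fddf:` addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample VIPs. The fddf: addresses are the ones quoted in the
# post above; their /64 prefix length is an assumption.
SAMPLE_VIPS = [
    "2001:db8:0:4c::1/64",      # lone zero group: already canonical
    "2001:DB8::12/125",         # upper-case hex digits
    "2001:db8:0010::5/64",      # leading zeros in a group
    "fddf:c8:4011:13::0/64",    # trailing ::0 written out
    "fddf:c8:4011:13::100/64",  # the address that worked in the post
]

def audit_vip(text):
    """Return (canonical_address, findings) for a VIP written as address/prefix."""
    addr_text = text.partition("/")[0]
    iface = ipaddress.IPv6Interface(text)   # raises ValueError on invalid input
    canonical = iface.ip.compressed         # lower case, shortest RFC 5952 form
    findings = []
    if addr_text != addr_text.lower():
        findings.append("upper-case hex digits")
    groups = addr_text.lower().split(":")
    if any(len(g) > 1 and g.startswith("0") for g in groups):
        findings.append("leading zeros in a group")
    # After stripping leading zeros, any remaining difference from the
    # canonical form is a zero run that was not written in shortest form.
    stripped = ":".join((g.lstrip("0") or "0") if g else "" for g in groups)
    if stripped != canonical:
        findings.append("zero groups not in shortest form")
    # The GUI message quoted above concerns the first address of the prefix.
    if iface.network.prefixlen < 128 and iface.ip == iface.network.network_address:
        findings.append("host part is all zero (first address of the prefix)")
    return canonical, findings

def flagged(vips):
    """Map each VIP that has findings to its (canonical, findings) result."""
    results = {vip: audit_vip(vip) for vip in vips}
    return {vip: res for vip, res in results.items() if res[1]}

if __name__ == "__main__":
    for vip, (canonical, findings) in flagged(SAMPLE_VIPS).items():
        print(f"{vip}: canonical {canonical}; " + "; ".join(findings))
```

Run it against the VIP strings on both nodes; an empty result from `flagged()` means every address is already in canonical form.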

                      • Derelict LAYER 8 Netgate

                        There is no network/broadcast address in IPv6. PREFIX::0/64 is a valid host address. It is possible there is a problem with a validation code in the gui.

                        • Rodrinoy @awebster

                          @awebster that was exactly what I thought too!!!
