Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP triggers when new interface is added

    HA/CARP/VIPs
    2
    3
    767
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      azekiel
      last edited by

      Hi,

      two pfSense physical servers, each 5 nics.
      4 nics are connected via a LAG and a couple of VLANs (on that LAG) to Layer 2.

      Heartbeat/Sync is a dedicated NIC.

      When I enable the interface on a newly configured VLAN (everything done on both nodes) CARP flips out, triggers multiple times and so on.
      I get about 500 mails regarding MASTER -> BACKUP and BACKUP -> MASTER changes.

      After a few minutes it stops and the CARP/HA and everything else is working fine..

      Any idea? :/

      Greets

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        The heartbeat for CARP is on the interfaces where the IP addresses reside – it does NOT happen on the sync interface.

        So anything that interrupts the interface will interrupt the heartbeats. With some network cards, that means adding a VLAN could trigger the problem. It doesn't happen on all hardware, however.

        In the future, put the master into CARP maintenance mode, make the changes, then exit maintenance mode and make the changes on the secondary. That should avoid harsh transitions.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • A
          azekiel
          last edited by

          Hi jimp,

          thanks for the answer.

          Will try that. Unfortunately this means that I cannot add vlans/interfaces on the fly, because all ipsec tunnels, openvpn tunnels and so on will get re-established two times.

          Greets

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.