Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP backup shows up as Master

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    6 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      maddmike
      last edited by

      Set up CARP IP on the wan and synced over they LAN interface. When the CARP IP shows up on the backup is shows and MASTER. Documentation says is should be BACKUP. Anyone know what's going on?

      TIA

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Almost always bad layer 2 between the interfaces that are showing MASTER/MASTER. It means the secondary is not receiving CARP advertisements from the primary. It has no idea what the problem is so it assumes MASTER.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • M
          maddmike
          last edited by

          Well, don't really know what would change. When I boot node 2 (backup) up it will sync with node 1 and be correct MASTER/BACKUP. After about 10 minutes it's back to MASTER/MASTER and the synchronization stop. Keep getting those Error while attempting to communicate XMLRPC Sync

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            If the secondary is going MASTER it means it stops receiving advertisements. Pretty much plain and simple there. Packet Capture on that interface on Secondary for CARP and see what's up. Set the capture to something like 25000 packets filtered on Protolol CARP and let it run. You should never see anything from the secondary until it stops receiving from the primary.

            Unless you maybe played around with advbase/advskew. Those should be 1/0 on primary and 1/100 on secondary.

            .17 CARP
            .18 Primary (1/0)
            .19 Secondary (1/100)

            Normal:

            00:43:26.510471 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=400327992027900696
            00:43:27.572746 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=400327992027900696
            00:43:28.634530 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=400327992027900696
            00:43:29.666390 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=400327992027900696

            "Unplug" Primary interface:

            01:07:15.766728 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=14494035697336985508
            01:07:16.820725 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=14494035697336985508
            01:07:17.828491 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=14494035697336985508
            01:07:21.253715 IP 172.25.228.19 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=100 authlen=7 counter=8377540094758294583
            01:07:22.667852 IP 172.25.228.19 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=100 authlen=7 counter=8377540094758294583
            01:07:24.101631 IP 172.25.228.19 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=100 authlen=7 counter=8377540094758294583

            "Plug" Primary interface back in:

            01:08:27.012871 IP 172.25.228.19 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=100 authlen=7 counter=8377540094758294583
            01:08:28.408104 IP 172.25.228.19 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=100 authlen=7 counter=8377540094758294583
            01:08:29.846626 IP 172.25.228.19 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=100 authlen=7 counter=8377540094758294583
            01:08:29.848767 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=12648634598916168423
            01:08:33.265135 IP 172.25.228.19 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=100 authlen=7 counter=8377540094758294583
            01:08:33.268944 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=12648634598916168423
            01:08:34.282138 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=12648634598916168423
            01:08:35.290880 IP 172.25.228.18 > 224.0.0.18: CARPv2-advertise 36: vhid=228 advbase=1 advskew=0 authlen=7 counter=12648634598916168423

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • M
              maddmike
              last edited by

              As soon as I save the virtual IP on the Primary the secondary starts advertising as follows :

              13:07:47.753662 IP 172.24.65.95 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 36
              13:07:49.163038 IP 172.24.65.95 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 36
              13:07:50.566073 IP 172.24.65.95 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 36
              13:07:51.976111 IP 172.24.65.95 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 36

              And even after I remove the VIP from the secondary it continues to advertise.

              IFConfig shows the VIP still on the interface and carp mπaster
              carp: MASTER vhid 1 advbase 1 advskew 100

              I have to manually remove the VIP from the secondary, using the UI doesn't remove it.

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                Does it see the advertisements from the primary before you add the VIP?

                Does the primary see those advertisements from the secondary?

                It is not generally correct to add a CARP VIP to the secondary. You add it to the primary and it XMLRPC syncs over to the secondary with the proper advbase/advskew.

                If you add it to the secondary manually and there is not a 1/0 skew VIP already on the network, of course it will assume MASTER.

                Tested what you reported on a fairly-current 2.4-BETA VM pair:

                Added VIP 172.25.236.65 on Secondary only:

                xn0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
                options=3 <rxcsum,txcsum>ether 12:77:26:96:5d:a3
                inet6 fe80::1077:26ff:fe96:5da3%xn0 prefixlen 64 scopeid 0x5
                inet6 2001:470:f00e:7e01::3 prefixlen 64
                inet6 2001:470:f00e:7e01::1 prefixlen 64 vhid 239
                inet 172.25.236.3 netmask 0xffffff00 broadcast 172.25.236.255
                inet 172.25.236.1 netmask 0xffffff00 broadcast 172.25.236.255 vhid 236
                inet 172.25.236.65 netmask 0xffffff00 broadcast 172.25.236.255 vhid 241
                nd6 options=21 <performnud,auto_linklocal>media: Ethernet manual
                status: active
                carp: BACKUP vhid 236 advbase 1 advskew 100
                carp: BACKUP vhid 239 advbase 1 advskew 100
                carp: MASTER vhid 241 advbase 1 advskew 100

                Deleted same:

                xn0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
                options=3 <rxcsum,txcsum>ether 12:77:26:96:5d:a3
                inet6 fe80::1077:26ff:fe96:5da3%xn0 prefixlen 64 scopeid 0x5
                inet6 2001:470:f00e:7e01::3 prefixlen 64
                inet6 2001:470:f00e:7e01::1 prefixlen 64 vhid 239
                inet 172.25.236.3 netmask 0xffffff00 broadcast 172.25.236.255
                inet 172.25.236.1 netmask 0xffffff00 broadcast 172.25.236.255 vhid 236
                nd6 options=21 <performnud,auto_linklocal>media: Ethernet manual
                status: active
                carp: BACKUP vhid 236 advbase 1 advskew 100
                carp: BACKUP vhid 239 advbase 1 advskew 100</performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,promisc,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,promisc,simplex,multicast>

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.