Setting up a CARP cluster and finding discrepancies?

  • I have two identical PCs running the 1.2.1 snapshot from 2008-10-13 in a CARP cluster for active-standby failover and followed the tutorial at:

    For setting up the two systems, I created the WAN and LAN CARP VIPs, and the two systems are connected to each other via a dedicated interface. On the "left" system, which is currently master, I've told it to sync all of its settings with the "right" system. Looking through the various statuses and config pages I can see successful syncs happening now.


    When I got to the right system's "General Setup" page, the settings there were not the same as the ones from the "left" system. Specifically, the DNS server settings were not the same. Is this a bug, an oversight, or is this by design? I'm trying to make a list of what I have to make sure is manually configured on both systems for a failover to be seamless. Thanks!

  • Also, NTP time server settings aren't copied between CARP cluster members either, it would appear.

  • Yes that's all normal as far as I can remember. There's a reasonable amount of config to do before you can let the sync do the work for you.
    Generally items under "System" and "Interfaces" menus need to be configured manually on each firewall. There's plenty of other things such as package-specific settings and VPN that don't sync either.

    Just read carefully the items you've ticked in the CARP settings page.


  • Reading the items in the CARP config gave me the impression that I wouldn't have to manually configure certain things. The biggest one is the whole DHCP static mappings and general DHCP setup itself. As best as I can tell CARP is doing squat to little with regards to DHCP between master and standby boxes? Why can't CARP sync the DHCP scope range, and other DHCP server settings?

    I would much rather see if there was a document somewhere that would tell me exactly what is and is not synced between CARP cluster systems. I am trying to build a test network for pfSense for future use and it makes it hard to know what is a bug and what is design when the documentation of CARP seems to live more in the forums than in the wiki or elsewhere. If I am missing some tome of documentation then please by all means point me in its direction!

  • No, sadly I don't think you're missing a tome of pf wiki-wisdom. Yes, I agree with you. DHCP sync-over and fail-over would be on my request list too.
    But a bug-fix forum is probably not the best place to get feature requests noticed.
    On the bright side, you can sync NAT and rules, which alone saves you quite a bit of time.


