HA CARP - IPv6 Two masters

Derelict

Something related to the issues outlined above or something that works then spontaneously goes MASTER/MASTER?

whisk0r

It seems to be exactly the same symptoms, but I've checked there's no leading 0's in the ipv6 address, and it's all in lower case. It got into the master-master state when doing a failover to the secondary and back again.

Derelict

You are going to have to provide more details. You might consider starting another thread since you are probably looking at a different problem, a layer 2 issue, or a misconfiguration.

SteveITS

@whisk0r Just lurking by... I have seen this behavior (WAN IPv6 on router2 left as Master) for a while. I've been using the general process:

upgrade router2
Enter Persistent Maintenance Mode on router1
upgrade router1
Leave Persistent Maintenance Mode

...and router2 has the one IPv6 stuck on Master and needs a restart.

I do know it happened several times on 2.3.x and 2.4.x upgrades when we were running pfSense under VMs, under Virtuozzo. Possibly not every time. We have since installed two Netgate SG-4860, and our last ticket to upgrade to 2.4.3 (the only upgrade since the 4860s) didn't specifically say we had this issue then.

Derelict

I never see that. You probably want to check that VIP for any of the issues described above.

SteveITS

Since I opened my mouth I felt obligated to test this tonight. I entered persistent maintenance mode a couple times and did not see issues switching back. So I suppose it might be related to our prior setup.

It didn't happen every time, but I'd say a majority of the time. Then again I seem to recall it happening occasionally just entering and leaving persistent maintenance mode so I don't think it's related to the upgrading process.

The VIPs are lower case and have no leading zero, however the LAN IP is "2607:xxxx:0:4c::1/64 (vhid: 154)" with a lone zero in there. Note it was the WAN IP that got stuck in dual Master (2607:xxxx::12/125 (vhid: 153)).

yarick123

@derelict I have just experienced an interesting mutation of the issue https://redmine.pfsense.org/issues/6579 . My IPv6 CARP virtual address was ending with zero: fddf:c8:4011:13:: . Writing it exactly so was not possible in "Firewall / Virtual IPs / Edit" - I got the following error message:

The following input errors were detected:

 * The network address cannot be used for this VIP

so, I had to put down fddf:c8:4011:13::0 . It caused the described problem. After changing the CARP address to fddf:c8:4011:13::100 the problem went away.

I added this information also to the issue.

P.S. I am using the latest pfSense: 2.4.4-RELEASE-p2

SteveITS

This post is deleted!

Derelict

There is no network/broadcast address in IPv6. PREFIX::0/64 is a valid host address. It is possible there is a problem with a validation code in the gui.

Rodrinoy

@awebster that was exactly what i tought too!!!