4. SOLVED: Both member has status as MASTER…!?

SOLVED: Both member has status as MASTER…!?

  • M

    Hi, i have setted up the HA on the first pfsense and synced to the backup member.
    But both shows me that the CARP interfaces are MASTERs after a reboot!?

    LOG Master:

    Apr 25 22:07:38  kernel  done. 
    Apr 25 22:07:37  php-fpm  312  /rc.carpmaster: HA cluster member "(10.0.202.254@hn1): (HOSTING)" has resumed CARP state "MASTER" for vhid 2 
    Apr 25 22:07:37  php-fpm  311  /rc.carpmaster: HA cluster member "(10.0.102.254@hn0): (WAN)" has resumed CARP state "MASTER" for vhid 1 
    Apr 25 22:07:37  kernel  done. 
    Apr 25 22:07:36  php-cgi  rc.bootup: sync unbound done. 
    Apr 25 22:07:36  check_reload_status  Carp master event 
    Apr 25 22:07:36  kernel  carp: 1@hn0: BACKUP -> MASTER (master timed out) 
    Apr 25 22:07:36  kernel  carp: 2@hn1: BACKUP -> MASTER (master timed out) 
    Apr 25 22:07:36  check_reload_status  Carp master event

    LOG Backup:

    Apr 25 21:57:54  php-fpm  312  /rc.carpmaster: HA cluster member "(10.0.202.254@hn1): (HOSTING)" has resumed CARP state "MASTER" for vhid 2 
    Apr 25 21:57:54  php-fpm  311  /rc.carpmaster: HA cluster member "(10.0.102.254@hn0): (WAN)" has resumed CARP state "MASTER" for vhid 1 
    Apr 25 21:57:53  check_reload_status  Carp master event 
    Apr 25 21:57:53  kernel  carp: 1@hn0: BACKUP -> MASTER (master timed out) 
    Apr 25 21:57:53  kernel  carp: 2@hn1: BACKUP -> MASTER (master timed out) 
    Apr 25 21:57:53  check_reload_status  Carp master event 
    Apr 25 21:57:52  check_reload_status  Updating all dyndns 
    Apr 25 21:57:52  php-cgi  rc.bootup: NTPD is starting up. 
    Apr 25 21:57:52  kernel  done. 
    Apr 25 21:57:52  kernel  done. 
    Apr 25 21:57:51  php-fpm  312  /rc.carpbackup: HA cluster member "(10.0.202.254@hn1): (HOSTING)" has resumed CARP state "BACKUP" for vhid 2 
    Apr 25 21:57:51  php-fpm  311  /rc.carpbackup: HA cluster member "(10.0.102.254@hn0): (WAN)" has resumed CARP state "BACKUP" for vhid 1 
    Apr 25 21:57:51  kernel  done.

    anyone a idea?

    thx
    MoPhat


    0
  • Netgate

    You need good layer 2 that forwards multicast between the interfaces.

    How are the the nodes' WAN and LAN interfaces connected to each other?

    When the node with the higher advbase/advskew receives the advertisement from the faster node, it assumes backup status and downs the VIP.

    (by default advbase/advskew is primary 1/0 and secondary 1/100 and there is almost never a reason to change those)

    You posted the sync interface details so that leads me to believe you think that has something to do with CARP status. It has nothing to do with it. The CARP status is determined by the interfaces with the VIPs on them exchanging advertisements on the networks between them. All the SYNC interface does is exchange state sync and XMLRPC Config sync. You should enable state sync on your secondary by the way. pfsync is bi-directional. Config sync is one-way (primary to secondary)

    0
  • M

    Hi Derelict

    I found out that in hyper-v i must activate the option for "mac address spoofing" on the vNics, after that all works fine :)


    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy