Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SOLVED: Both member has status as MASTER…!?

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    3 Posts 2 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MoPhat
      last edited by

      Hi, i have setted up the HA on the first pfsense and synced to the backup member.
      But both shows me that the CARP interfaces are MASTERs after a reboot!?

      LOG Master:

      Apr 25 22:07:38  kernel  done. 
      Apr 25 22:07:37  php-fpm  312  /rc.carpmaster: HA cluster member "(10.0.202.254@hn1): (HOSTING)" has resumed CARP state "MASTER" for vhid 2 
      Apr 25 22:07:37  php-fpm  311  /rc.carpmaster: HA cluster member "(10.0.102.254@hn0): (WAN)" has resumed CARP state "MASTER" for vhid 1 
      Apr 25 22:07:37  kernel  done. 
      Apr 25 22:07:36  php-cgi  rc.bootup: sync unbound done. 
      Apr 25 22:07:36  check_reload_status  Carp master event 
      Apr 25 22:07:36  kernel  carp: 1@hn0: BACKUP -> MASTER (master timed out) 
      Apr 25 22:07:36  kernel  carp: 2@hn1: BACKUP -> MASTER (master timed out) 
      Apr 25 22:07:36  check_reload_status  Carp master event

      LOG Backup:

      Apr 25 21:57:54  php-fpm  312  /rc.carpmaster: HA cluster member "(10.0.202.254@hn1): (HOSTING)" has resumed CARP state "MASTER" for vhid 2 
      Apr 25 21:57:54  php-fpm  311  /rc.carpmaster: HA cluster member "(10.0.102.254@hn0): (WAN)" has resumed CARP state "MASTER" for vhid 1 
      Apr 25 21:57:53  check_reload_status  Carp master event 
      Apr 25 21:57:53  kernel  carp: 1@hn0: BACKUP -> MASTER (master timed out) 
      Apr 25 21:57:53  kernel  carp: 2@hn1: BACKUP -> MASTER (master timed out) 
      Apr 25 21:57:53  check_reload_status  Carp master event 
      Apr 25 21:57:52  check_reload_status  Updating all dyndns 
      Apr 25 21:57:52  php-cgi  rc.bootup: NTPD is starting up. 
      Apr 25 21:57:52  kernel  done. 
      Apr 25 21:57:52  kernel  done. 
      Apr 25 21:57:51  php-fpm  312  /rc.carpbackup: HA cluster member "(10.0.202.254@hn1): (HOSTING)" has resumed CARP state "BACKUP" for vhid 2 
      Apr 25 21:57:51  php-fpm  311  /rc.carpbackup: HA cluster member "(10.0.102.254@hn0): (WAN)" has resumed CARP state "BACKUP" for vhid 1 
      Apr 25 21:57:51  kernel  done.

      anyone a idea?

      thx
      MoPhat

      ha.png
      ha.png_thumb

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        You need good layer 2 that forwards multicast between the interfaces.

        How are the the nodes' WAN and LAN interfaces connected to each other?

        When the node with the higher advbase/advskew receives the advertisement from the faster node, it assumes backup status and downs the VIP.

        (by default advbase/advskew is primary 1/0 and secondary 1/100 and there is almost never a reason to change those)

        You posted the sync interface details so that leads me to believe you think that has something to do with CARP status. It has nothing to do with it. The CARP status is determined by the interfaces with the VIPs on them exchanging advertisements on the networks between them. All the SYNC interface does is exchange state sync and XMLRPC Config sync. You should enable state sync on your secondary by the way. pfsync is bi-directional. Config sync is one-way (primary to secondary)

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • M
          MoPhat
          last edited by

          Hi Derelict

          I found out that in hyper-v i must activate the option for "mac address spoofing" on the vNics, after that all works fine :)

          Spoofing.PNG
          Spoofing.PNG_thumb

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.