4. pfsense ha both staying master on wan side

pfsense ha both staying master on wan side

  • V

    Hi I have a pf sense cluster. CLuster is proper on lan side but wan side both showing master. While doing a pcap on both wan master sending a carp advertisement but slave is not seeing it. how to troubleshoot it?

    10:41:48.814786 IP slave > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=100 authlen=7 counter=5770705708551257802
    10:41:49.092960 IP master > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=0 authlen=7 counter=9074612109644037212
    10:41:50.144620 IP master > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=0 authlen=7 counter=9074612109644037212
    10:41:50.227570 IP slave > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=100 authlen=7 counter=5770705708551257802
    10:41:51.204953 IP master > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=0 authlen=7 counter=9074612109644037212
    10:41:51.662518 IP slave > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=100 authlen=7 counter=5770705708551257802
    10:41:52.219710 IP master > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=0 authlen=7 counter=9074612109644037212
    10:41:53.141266 IP slave > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=100 authlen=7 counter=5770705708551257802
    10:41:53.283010 IP master > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=0 authlen=7 counter=9074612109644037212
    10:41:54.336882 IP master > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=0 authlen=7 counter=9074612109644037212
    10:41:54.620101 IP slave > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=100 authlen=7 counter=5770705708551257802
    10:41:55.370097 IP master > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=0 authlen=7 counter=9074612109644037212
    10:41:56.079753 IP slave > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=100 authlen=7 counter=5770705708551257802
    10:41:56.388804 IP master > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=0 authlen=7 counter=9074612109644037212
    10:41:57.452014 IP master > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=0 authlen=7 counter=9074612109644037212
    10:41:57.489755 IP slave > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=100 authlen=7 counter=5770705708551257802
    10:41:58.515019 IP master > 224.0.0.18: CARPv2-advertise 36: vhid=10 advbase=1 advskew=0 authlen=7 counter=9074612109644037212

    0
  • Netgate

    If they are both advertising then they are likely not seeing each other's advertisements. Since that is a capture on the primary, which can see the secondary's advertisements, what does a capture on the secondary look like?

    This is often due to having the WANs connected to some ISP device that has things like MAC limitations, limitations passing multicast traffic, etc.

    The first thing I would do is connect them both to an unmanaged switch (or even just a looped cable between the two WANs) and see if they go MASTER/BACKUP. Then figure out why that is not happening when they are connected to whatever you have them connected to.

    0
    V
     1 Reply
  • V

    @derelict Hi Now I am able to see both advertisements in both pfsense switches!!!. Not sure why backup pfsense sending advertisements... But still on backup pfsense wan side is showing master.

    0
  • Netgate

    Each interface will have a physical interface name, sigh as em0, ix1, igb0, re4, bc2.

    You can get this in Status > Interfaces

    Then in Diagnostics > Command Prompt execute ifconfig em0 substituting em0 for the correct interface name of your WAN and post the output. Please do not sanitize more than the first couple of octets of any addresses.

    Also please post a quick WAN pcap of the CARP traffic seen on both nodes. Please set the level of detail to Full.

    0
 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy