CARP / Virtual IP / Backup Skew
-
Re: pfBlockerNG-devel feedback
I've been enjoying pfBlockerNG Devel much more than the previous version. Enough so, I can't see myself going back. However, it's been quite tedious whenever I have to reboot my master node in my CARP fail-over cluster. The pfB DNSBL Virtual IP resets itself, whether it's on the master node or backup node. Unfortunately, this sets the 'skew' number to 0 on both, so neither node knows which is the primary and secondary. If you could just leave that setting out of being reset, all would be good.
As it is now, if I reboot my master node, the pfB DNSBL Virtual IP maintains master status on the backup node. I have to manually change that in some way or another. It's not difficult to go into the virtual IP, change the skew to 100 on the backup. Then, it instantly knows it's the backup. Nevertheless, it's a step which should not be necessary. The whole purpose of the CARP configuration is that it should be automatic/seamless.
You'll probably say, don't use the CARP setting. Okay, fine. But if you are looking for feedback.... :).
Thanks for the hard work.
-
@talaverde
At the risk of a "me too" post, I've just upgraded to pfBlockerNG-devel and noticed the issue of the VIP status not reverting to MASTER when the primary router returns to master status, and then I spotted the same base and skew values on both the primary and backup routers. I recognise that this is a beta feature on a development application! -
Yea, it's been auto-changing back to often. I've finally given up on the 'CARP' feature and just switched it back to the old 'IP alias'. Not sure what features I'll lose but it can't be worse than a misconfigured virtual IP.