FRR doesn't follow CARP after 2.5.0 upgrade

defunct78

Upgraded a HA pair from 2.4.5p1 to 2.5.0
FRR 0.6.4_2 to 1.1.0_8

After the upgrade, when I disable the CARP interface on the primary, FRR no longer stops on the primary, and the secondary doesn't start. Both are configured to watch a CARP interface.

If I stop FRR on the primary, then start FRR on the secondary and it starts. Moving CARP back to primary, secondary continues to run FRR until I manually stop it, and start FRR up on the primary.

I see a few posts like this but nothing exactly, the closest thing is
https://redmine.pfsense.org/issues/11290
But that was closed until someone runs into the same problem.

defunct78

@defunct78 After upgrading to FRR 1.1.0_10, the problem magically went away

jutley

@defunct78 I've just run into this today, with FRR 1.1.0_10 on PFSense 2.5.1. Same exact symptoms as the OP. One more data point, on a reboot of the CARP primary machine, FRR does not automatically start - I have to manually start the "watchfrr" service.

Nothing at all in the logs to indicate any type of problem (at least that I can see).

defunct78

@jutley I was afraid of that based on how it magically just worked for me after an FRR upgrade. I have a 2.5.1 upgrade to do on the same nodes in the next coming days, which I will report if the problem returns. Maybe try reinstalling the package, though I am guessing this won't help.

defunct78

@defunct78 said in FRR doesn't follow CARP after 2.5.0 upgrade:

@jutley I was afraid of that based on how it magically just worked for me after an FRR upgrade. I have a 2.5.1 upgrade to do on the same nodes in the next coming days, which I will report if the problem returns. Maybe try reinstalling the package, though I am guessing this won't help.

Just let you know my upgrade to 2.5.1 did not break FRR again. I am not sure exactly how mine install got fixed by doing the upgrade I posted earlier. Sorry, wish I had more for ya.

defunct78

To add another detail to this.

I had another pair to upgrade.
FRR 0.6.4_2 to 1.1.0_10

I think some "upgrade" step may be missed that causes this problem. And jumping from such an old version to the newest is the reason.

During the upgrade, the backup box had the problem, but after following the steps below, the primary did not show the problem.

Once the OS is upgraded, I would go into the FRR ACL config page and add the "any" check box to the one line where the source was an "any". (note: this check box was not an option on old version of FRR)

Then go into package manager and "reinstall" frr.

Once I did this step the problem went away.

egb

@defunct78 using pfsense plus 21.02 and having the same problem. Previously used quogga and didn't have frr installed before the upgrade so can't see it's related to that, feels like a bigger bug. If I restart the primary, carp fails all the ips over to the secondary and frr just sits there disabled. This definelty needs looking into by Mr pingle

jutley

@egb @defunct78 Thought you guys may be interested - looks like there's been some action on this finally! Jim P says he has found the problem, and a fix should be committed on it shortly. See:

https://redmine.pfsense.org/issues/11290

It appears it involves more than just FRR, as it's a problem with plugin tags not being added to packages in certain cases.

viktor_g

You need to install the System Patches package: https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
And apply Patch ID 7dbe76cd5756082cbd67db1b93acb606ad84996e

Then you need to reinstall the FRR package.

see https://redmine.pfsense.org/issues/11290#note-12