Issue with CARP sync status
maverickws last edited by maverickws
I have this setup with 2 firewalls on HA with multi-WAN.
Recently we started having an issue where, when a firewall is supposed to go to standby, it does, but not on all CARP VIPs.
For example, the #1 firewall assumes the master role, on firewall #2 I get 4 IPs from a /28 on one of the WANs that get stuck as master on the firewall #2, and also show as master on firewall #1.
If I enable "Enter persistent CARP maintenance mode" on firewall #1 and traffic goes to fw #2, firewall #1 keeps status of Master of some 4 CARP VIPs as well, and fw#2 also marks them as Master.
When I enable CARP persistent maintenance mode, I get interruption on the connections.
Under Status > CARP (failover) I have the same pfSync nodes on firewall 1 and firewall 2.
sysctl net.inet.carp.demotion shows 0 on both.
In the log of fw#1, when CARP maintenance mode was enabled, the following entry appeared:
carp: demoted by -240 to 0 (pfsync bulk fail)
I find this particularly strange as the VIPs that keep MASTER status are not always the same, and they're not even always on the same WAN interface. Sometimes it's VIPs from WAN1, which is connected to one switch, and sometimes it's VIPs from WAN2, which is connected to a different switch.
Is there a way to "reset" the CARP status on both, or idk please do you have any hints for this issue?