Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Issue with CARP sync status

    HA/CARP/VIPs
    1
    1
    304
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • maverickws
      maverickws last edited by maverickws

      Hi there,

      I have this setup with 2 firewalls on HA with multi-WAN.
      Recently we started having an issue where when a firewall is supposed to go to standby, it does, but not on all CARP VIP's.

      For example, the #1 firewall assumes the master role, on firewall #2 I get 4 IP's from a /28 on one of the WAN's that get stuck as master on the firewall #2, and also show as master on firewall #1.

      If I enable "Enter persistent CARP maintenance mode" on firewall #1 and traffic goes to fw #2, firewall #1 keeps status of Master of some 4 CARP VIP's as well, and fw#2 also marks them as Master.

      When I enable CARP persistent maintenance mode, I get interruption on the connections.

      Under Status > CARP (failover) I have the same pfSync nodes on firewall 1 and firewall 2.

      sysctl net.inet.carp.demotion shows 0 on both.

      On the log of the fw#1 when enabled the CARP maintenance mode, it appeared the following entry:
      carp: demoted by -240 to 0 (pfsync bulk fail)

      I find this particularly strange as the VIP's that keep MASTER status are not always the same, and they're not even always on the same WAN interface. Some times its VIP's from WAN1, which is connected to one switch, and some times its VIP's from WAN2, which are connected to a different switch.

      Is there a way to "reset" the CARP status on both, or idk please do you have any hints for this issue?

      Thank you.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post