FRR Zebra not restarting with CARP IP monitoring.
-
I have 2 firewalls, each with a BGP link to a specific ISP serving a /24 block. This works perfectly.
On the internal side, CARP is being used to "move" IPs from the master firewall to the backup in case of failure. This works fine.
I'm using FRR for BGP and, according to the docs, there's a global setting that allows each firewall to start/stop the FRR services according to the status of a CARP IP.
"CARP Status IP
Used to determine the CARP status when using FRR with certain high availability setups. When the selected CARP vhid is in BACKUP status, FRR will not be started. This check is also made when a CARP VIP transitions to a new status, and the FRR daemons will be stopped or started appropriately to match the VIP status."
(https://docs.netgate.com/pfsense/en/latest/packages/frr/global/configuration.html)
However, on both of my firewalls FRR is not doing this. The firewall with the Master status does not autostart FRR, and the one with the Backup status does not autostop FRR.
I can manually trigger the master/backup status of the firewalls/vhids and this works fine, but the FRR service does not seem to care about this and is not "stopped or started appropriately to match the VIP status." as per the docs.
Is there anything I might be missing?
-
@jcubillo
Replying to myself since a friend found this answer and it might help somebody else in the future:
"""
You need to install the System Patches package: https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
And apply Patch ID 7dbe76cd5756082cbd67db1b93acb606ad84996e
Then you need to reinstall the FRR package.
see https://redmine.pfsense.org/issues/11290#note-12
"""
This is from:
https://forum.netgate.com/topic/162722/frr-doesn-t-follow-carp-after-2-5-0-upgrade/8
I did exactly that and now Zebra follows the CARP VHID status.