Pfsense CARP switch from MASTER/BACKUP randomly
-
Hello,
We have two firewalls pfsense cluster High Availability. We noticed that several times, primary pfsense switch automatically CARP from master to backup and secondary pfsense switch automatically CARP from backup to master without reason. Few seconds after reswicth on normal state. We had recently upgraded to latest stable release pfsense 2.6.0-RELEASE but problem persist. Do you have any ideas about this problem and help to us ?
Thanks a lot by advance for your support
Regards
-
@pfsense7515 Pretty much the only way for that to happen are issues at Layer 2. But that almost always means you end up with MASTER/MASTER not an actual failover.
Is an interface with CARP addresses on it losing link? If so, it's doing what it's supposed to do.
-
Hello, Thank you for your feedback.
How can I debug this problem with a monitoring tool. What do you advise me to do? ping one or more physical interfaces? or one or more VIPs?Thank you for your precious help
-
@pfsense7515 Take a look at:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/high-availability.html#other-switch-and-layer-2-issues -
@pfsense7515 Look at the logs. System log has interface down/up and CARP events.
-
Hello Thank you for answer. For the carp events, I received message like this below
only by email not on system logsNotifications in this message: 5
10:57:14 HA cluster member "(X.X.X.X@igb1.XXX): (VLAN1)" has resumed CARP state "MASTER" for vhid 8
10:57:14 HA cluster member "(X.X.X.X@igb1.XXX): (VLAN2)" has resumed CARP state "MASTER" for vhid 2
10:57:14 HA cluster member "(X.X.X.X@igb1.XXX): (VLAN3)" has resumed CARP state "MASTER" for vhid 4
10:57:14 HA cluster member "(X.X.X.X@igb1.XXX): (VLAN4)" has resumed CARP state "MASTER" for vhid 1
10:57:14 HA cluster member "(X.X.X.X@igb1.XXX): (VLAN5)" has resumed CARP state "MASTER" for vhid 3For see if there are potentially problem with physically link. What kind of message must be find in system logs please ?
Thank You for your help at this topic
-
@pfsense7515 Need to look at what caused that. That is only part of the event. There are also logs like links going down and up, etc.
-
-
-