Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Question about LAN CARP Gateway failover when only WAN CARP goes down?

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    2
    3
    183
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      emmdee
      last edited by

      Hi - I will test this within the next couple weeks but I am trying to design the workflows right now so I'm hoping someone may have answers before I get my hands on a HA stack to play with.

      Let's say I have fwA and fwB hosts. PFSYNC is enabled, Config sync is disabled, LAN connection has CARP floating IP, and WAN has CARP floating IP's. "fwA" is the current "master" for all CARP connections.

      Both hosts are on on pfSense+ v22.05.01

      I'm wondering about a scenario where fwA has its WAN go down and it fails over to fwB. All the LAN hosts are using fwA as their gateway. Will they fail to reach WAN since they are still trying to hit fwA CARP LAN IP as their gateway or does pfsync handle this failover of all CARP interfaces at the same time? I didn't see anything in the docs about configuring OSPF/etc for link state handling.

      The documentation for validation states to "unplug the primary node from the network" ... but my hypothetical scenario is where only the WAN connection goes down, not the entire network (LAN remains "up").

      As mentioned, I'll be able to actually test this in a week or two when I have free access to the lab, but I just wanted some clarity on the design so figured I would ask here if anyone knows off the top of their heads.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @emmdee
        last edited by

        @emmdee
        All CARP VIPs failover to the secondary if the connection between any CARP-interface (e.g. FWA-WAN FWB-WAN) is cut.
        So also the LAN-CARP VIP moves over to the secondary.

        Your LAN devices have to the CARP as their upstream gateway.
        Then if state sync is enabled, the connections should operate without noticeable interruption.

        E 1 Reply Last reply Reply Quote 0
        • E
          emmdee @viragomann
          last edited by

          @viragomann That's great, thanks for your reply. I'll be validating this forthcoming but it gives me confidence hearing it from someone else. Much appreciated.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post