Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Connection lost on second failover/failback switch

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    1
    1
    55
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dzt
      last edited by

      Hi,

      I set up two pfsense 2.7.2 freshly installed instances in HA following this guide: https://docs.netgate.com/pfsense/en/latest/recipes/high-availability.html

      In case I start a wget or curl download from a client and a failover occurs, the download continues without interruption. However, when the primary comes back and the failback happens, the connection is lost. It does not exit, but the download speed reduces to zero and is stuck there. (I can establish a new connection without a problem.) I use the following curl command for testing: curl --limit-rate 1m -o test http://<CARP WAN VIP>/test (The speed is limited to have time for tests.)

      The problem is the same if I start in the failover state (so the connection goes through the secondary): The connection is not interrupted when the failback to primary happens, but in case there is a new failover after the failback, the connection is lost.

      So in short, the connection survives one switch, but not a second one.

      Things I checked:

      • Configuration is synchronized from primary to secondary. (Including for example firewall rules, and NAT rules/mappings.)
      • If I establish a connection, the state table entry appears on both the primary and the secondary.
      • Outbound NAT goes through the CARP WAN VIP.
      • pfsync interface originally had the rules from the HA guide, but now it is just an allow everything rule
      • The issue is the same when the cable is unplugged/plugged and when the "Enter/Leave Persistent CARP Maintenance Mode" feature is used.
      • I can establish new connections in every state, the problem is only with existing ones and only on the second failover.
      • If a third failover happens after the second one, the connection sometimes recovers.
      • The master/backup states are shown correctly, and the carp packets seem normal in the packet capture output.

      I'm looking for ideas on how to fix this problem.

      Thank you for your ideas and help.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post