Carp-failover problem (with multiwan)
Hello,
I set up a 2-node carp configuration with pfsense 1.2.3-RELEASE.
Here is the detailed setup:
- 2-node carp setup with pfsense 1.2.3-RELEASE
- public /24 Network from wan1-provider (split for wan1 and dmz)
- wan1 (primary) link with /29 Net (from public /24 network), pfsense connected to cisco router from provider
- wan2 (secondary) link with private /24 network connected to netgear dsl-router (1 public IP address via dsl-line)
- dmz-subnet (routed via wan1-link) configured with public /25 network (from public /24 network)
- lan-subnet with private ips (outbound-nat enabled to dmz, wan1, wan2)
- sync subnet with private ips
- for outgoing connections from LAN-subnet I configured 2 failover groups (loadbalancer) "wan1->wan2" and "wan2->wan1" assigned via firewall rules for different target ips
Everything works fine, except one thing during the following failover-test:
- ping -t from lan to target ip reached via wan1->wan2 failover-group (uses wan1)
- ping -t from lan to target ip reached via wan2->wan1 failover-group (uses wan2)
- disable carp on primary (carp-failover to secondary)
The first ping (via wan1) continues to work without interruption, but the second ping (via wan2) stops working after failover.
Why does the second ping stop working? If I stop the second ping, wait a minute, then start the ping again, it works.
If I switch back to primary-node the failed ping starts working again immediately.
I can also ping other target ips that use wan2 immediately after failover, but not the one that was used before on the primary node. The problem is not only with ping; an http-request shows the same behaviour.
For me this seems to be a state problem somewhere in my setup:
one minute after carp-failover with NO ACTIVITY to the target-ip the connection works (the incorrect state was deleted). Any idea?
Thanks