CARP takes IP during boot before packages are started (fix proposed)

  • During boot, CARP gets initialized before packages start. This can result in a considerable delay between the time when pfSense takes back the VIP and when packages are up and listening on that IP, which results in downtime for those services even when other CARP members are up and working. I have submitted a pull request which fixes this:

    These changes cause CARP interfaces to be brought up at the normal spot in the boot process with a skew of 254, that way if this is the only member currently available, it will take the IP as soon as possible, but any other existing running member will keep the IP.

    After the packages are started, the CARP interfaces are configured again, but this time they use the skew value in the configuration.

    I have tested this on 2.0.1 in my environment with haproxy running on VIPs and it works beautifully.

    Files changed:

    • /etc/rc

    • /etc/rc.interfaces_carp_configure

    • /etc/inc/

    This file was unused (,50258.0.html), so I updated it to do what it seems it was originally intended to it (it configures the CARP interfaces).

    I added a line that called /etc/rc.interfaces_carp_configure after it starts the packages.

    The function interface_carp_configure() was changed so that if the global variable $g['booting'] is true, then it sets the skew to 254, otherwise it sets the skew to the intended value. $g['booting'] is set in rc.bootup which is where the CARP interfaces are first configured (before the packages), so it is true at that point.

    I believe that this change is a big improvement for all packages which listen on a VIP, and that it does not negatively affect any operations. I hope we can see it made part of the next release.

    I also intend to release a package/patch to implement this on the current version, as I will be using this change in my own environment either way.

Log in to reply