Stateful CARP - is it really working?

horace

Hello to everybody!
I have 2 alix with pfsense configured in HA, no log error and master and slave change roles correctly.

Finally, I tried the stateful failover, so i did some tests:

1. Watch a video on Youtube. If i pull the power plug of the master, the video still loads. Ok!
2. Download a file with a download manager like Down Them All (a Firefox extension). If i pull the power plug of the master, i can still download the file. Ok!
3. Download a file with Firefox or Internet Explorer (tried both) built-in download manager. If i pull the power plug of the master, the download stops. If i plug back the master, nothing happens.
4. Copy a file from a Samba Server. If i pull the power plug of the master, the download stops. If i plug back the master, the download starts again.

My question: are the scenario 3) and 4) normal?

Thank you!

podilarius

I can tell you that 3) is not normal. I seem to recall my download paused for a sec and then started back, and I failed it back and forth from primary to secondary several times for one download. (it was multi-gigabyte file) The 4) might be normal depending on how you are accessing the server (specifically NAT reflection or is it truly on the other side of the FW). Samba is not one that you normally firewall (as in not passing it at all), but it should work.

horace

Thank you for your answer!
I tried the State option in System -> Advanced ->  Miscellaneus but the download dosn't work. I don't think it's a multicast issue because i tried to connect directly the 2 box. I double checked the Outboot NAT rules.

Do you have any idea?

horace

Shame on me!
I forgot to enable the first 3 options in the carp setting page on the slave firewall. I didn't traslate well page 393 of pfsense book!