4. Backup Notification of Master Failure

Backup Notification of Master Failure

  • M

    I don't know if CARP has any such functionality as what I'm about to describe, but it seems like a very useful feature.  I tend to think it does not.

    I was recently in the hospital and one of my CARPed pfSense gateways went down while I was away.  As a result, my SixXS tunnel was disabled.  I've corrected that problem for now, but it occurs to me that if the other CARPed pfSense box (the backup, in this case) had detected the loss of its counterpart and sent me an email to that effect (for instance–other alerts are also possible), I could have made an effort to correct the problem in a more timely manner.

    So,

    • Does CARP or pfSense handle any such scenario?

    • Would this be a feature worth adding if not?

    • Does anyone know of any third party software that would handle this in the meantime?

    Thanks in advance!
    Mike Pugh

    P.S. Despite how I titled the subject, I obviously mean that if one fails the other alerts regardless of which is technically master or backup.  And, yes, SixXS did notify me by email, but having my own box do it first would offer more options, I should think.  I would want to know that one of the gateways had failed regardless of whether I was tunneling IPv6, for instance.

    0
  • C

    We and most users rely on general purpose network monitoring systems to detect such things. There's only so much a firewall can and should monitor along those lines, there are a slew of network monitoring platforms that are far better suited to monitoring and detecting that scenario amongst many others. Any network monitoring system can monitor at least accessibility of the interface IPs of each system, most of them can monitor CARP interface status via SNMP.

    0
  • Rebel Alliance Developer Netgate

    If you have e-mail notifications configured, it does e-mail you when a CARP VIP transitions between master and backup. At least it does on 2.1, I thought it did on 2.0.x as well.

    0
  • N

    Indeed it does, but you have to fix the devd.conf file first. I ran into this a while back. Fixed it thanks to jimp.

    @jimp:

    Edit devd.conf, change the "subsystem" from carp to vip. Then you can killall -9 devd; devd (or reboot).

    I've been doing that to all my installs. Just make sure you restart devd afterwards.

    0
  • Rebel Alliance Developer Netgate

    Yeah that's fixed on 2.0.2 and 2.1. Forgot that was broken on 2.0.1.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy