Backup Notification of Master Failure
mdpugh last edited by
I don't know if CARP has any such functionality as what I'm about to describe, but it seems like a very useful feature. I tend to think it does not.
I was recently in the hospital and one of my CARPed pfSense gateways went down while I was away. As a result, my SixXS tunnel was disabled. I've corrected that problem for now, but it occurs to me that if the other CARPed pfSense box (the backup, in this case) had detected the loss of its counterpart and sent me an email to that effect (for instance–other alerts are also possible), I could have made an effort to correct the problem in a more timely manner.
Does CARP or pfSense handle any such scenario?
Would this be a feature worth adding if not?
Does anyone know of any third party software that would handle this in the meantime?
Thanks in advance!
P.S. Despite how I titled the subject, I obviously mean that if one fails the other alerts regardless of which is technically master or backup. And, yes, SixXS did notify me by email, but having my own box do it first would offer more options, I should think. I would want to know that one of the gateways had failed regardless of whether I was tunneling IPv6, for instance.
cmb last edited by
We and most users rely on general purpose network monitoring systems to detect such things. There's only so much a firewall can and should monitor along those lines; there are a slew of network monitoring platforms that are far better suited to monitoring and detecting that scenario amongst many others. Any network monitoring system can monitor at least accessibility of the interface IPs of each system; most of them can monitor CARP interface status via SNMP.
If you have e-mail notifications configured, it does e-mail you when a CARP VIP transitions between master and backup. At least it does on 2.1, I thought it did on 2.0.x as well.
nullifi last edited by
Indeed it does, but you have to fix the devd.conf file first. I ran into this a while back. Fixed it thanks to jimp.
Edit devd.conf, change the "subsystem" from carp to vip. Then you can killall -9 devd; devd (or reboot).
I've been doing that to all my installs. Just make sure you restart devd afterwards.
Yeah that's fixed on 2.0.2 and 2.1. Forgot that was broken on 2.0.1.
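As an added illustration of the external-monitoring approach cmb describes (this is not code from any poster or from pfSense): a check that a monitoring host could run after each poll of both nodes, alerting when a node stops answering or a CARP VHID changes state. It assumes the poller already collects each node's ifconfig text (None when the interface IP does not answer) and that the FreeBSD `carp: STATE vhid N` line format applies; the node names fw1/fw2 and the sample polls are constructed.

```python
import re

# Assumed format: FreeBSD ifconfig prints one line per CARP VHID, e.g.
#   carp: MASTER vhid 1 advbase 1 advskew 0
CARP_LINE = re.compile(r"carp:\s+(MASTER|BACKUP|INIT)\s+vhid\s+(\d+)")


def carp_states(ifconfig_text):
    """Return {vhid: state} parsed from a node's ifconfig output."""
    return {int(vhid): state for state, vhid in CARP_LINE.findall(ifconfig_text)}


def evaluate(previous, current):
    """Compare two polls and return a list of alert strings.

    Each poll maps node name -> ifconfig text, or None when the node's
    interface IP did not answer. A node missing from `previous` is treated
    as newly seen, so an outage on the very first poll is still reported.
    """
    alerts = []
    for node in sorted(current):
        now = current[node]
        before = previous.get(node, "")  # "" = first time we see this node
        if now is None:
            if before is not None:       # report the outage once, not every poll
                alerts.append(f"{node}: unreachable")
            continue
        if before is None:
            alerts.append(f"{node}: reachable again")
            continue
        old, new = carp_states(before), carp_states(now)
        for vhid in sorted(new):
            if vhid in old and old[vhid] != new[vhid]:
                alerts.append(f"{node}: vhid {vhid} {old[vhid]} -> {new[vhid]}")
    return alerts


# Constructed sample polls: fw1 is master, then drops off the network
# and fw2 takes over the VIP.
POLL_1 = {
    "fw1": "\tcarp: MASTER vhid 1 advbase 1 advskew 0\n",
    "fw2": "\tcarp: BACKUP vhid 1 advbase 1 advskew 100\n",
}
POLL_2 = {"fw1": None, "fw2": "\tcarp: MASTER vhid 1 advbase 1 advskew 100\n"}

if __name__ == "__main__":
    for line in evaluate(POLL_1, POLL_2):
        print(line)
```

The returned strings can be handed to whatever notification channel the monitoring host already uses.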