Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP Failover times??

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    6 Posts 4 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      cr_hyland
      last edited by

      How long should it take for a secondary firewall to take over the CARP VIP and start passing traffic again when the master is shutdown or rebooted?

      We have set up a secondary pfSense cluster in a new Data Center and the failover times are about 10 seconds with 5 to 10 ping drops and a very obvious pause during the switchover phase whereas at our primary site our pfSense cluster fails over in about 2 seconds with usually only a single ping dropped and is generally unnoticed.

      Both sites are identical, VMware esxi 5.1, hp bl460c blades, same HP VC networking etc.

      Only difference is the data centre.

      1 Reply Last reply Reply Quote 0
      • N Offline
        nothing
        last edited by

        Check your states syncing.
        States counters on both boxes should be almost the same.

        1 Reply Last reply Reply Quote 0
        • C Offline
          cr_hyland
          last edited by

          States are syncing fine, RDP sessions etc. stay active after failover, no need to login in again.

          1 Reply Last reply Reply Quote 0
          • jimpJ Offline
            jimp Rebel Alliance Developer Netgate
            last edited by

            Usually it's nearly immediate, a second or two at most.

            Assuming a base of 0 and skew of 1 on the master's VIPs.

            If you increased advbase it would be less sensitive and take longer to failover.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • C Offline
              cr_hyland
              last edited by

              Aha, the WAN VIP had a base of 10 where everything else was base .

              Changed it to  and it fails over in about a second :-)

              Not sure how i fudged the config but that's all it took to solve it.
              Cheers.

              1 Reply Last reply Reply Quote 0
              • J Offline
                jasonlitka
                last edited by

                @craggy:

                How long should it take for a secondary firewall to take over the CARP VIP and start passing traffic again when the master is shutdown or rebooted?

                We have set up a secondary pfSense cluster in a new Data Center and the failover times are about 10 seconds with 5 to 10 ping drops and a very obvious pause during the switchover phase whereas at our primary site our pfSense cluster fails over in about 2 seconds with usually only a single ping dropped and is generally unnoticed.

                Both sites are identical, VMware esxi 5.1, hp bl460c blades, same HP VC networking etc.

                Only difference is the data centre.

                My boxes are instant; I've got a failing box and it needs a reboot every few days.

                If you're seeing 10 seconds then it might be something about being virtualized or maybe you've changed the base & skew settings.  For base & skew I use 0/1 on the primary and 0/100 on the secondary.

                I can break anything.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.