CARP doesn't work after the upgrade



  • Hi all

    I had a setup with two pfSense 1.0.1 firewalls running CARP, and it worked very well.
    I upgraded to 1.2 RC3.

    Now, when both firewalls are up, CARP loses sync after about 5 minutes of operation, and in the CARP status I can see that some CARP IPs are in master mode and others are in backup mode.

    I have SiS NICs (5 in each firewall).
    On the firewall A console I can see a lot of watchdog timeout warnings.
    If I turn off firewall A, firewall B becomes active and everything works without any problem.

    Turning on device polling on firewall A seems to fix the problem, and CARP works again.
    In firewall A's dmesg I can see this warning:

    arp_rtrequest: bad gateway 159.213.. (!AF_LINK)
    I get one of these for each CARP IP.

    Do I also have to enable device polling on firewall B?

    I am very confused…

    Giacomo
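
The split state described in this post (some CARP IPs in master mode and others in backup mode on the same firewall) could be detected from a script. The following is only a minimal sketch, assuming `ifconfig` prints a `carp: MASTER vhid ...` style line under each carp interface, as FreeBSD 6.x does. The sample text and the names `carp_states` and `is_split` are hypothetical and not part of pfSense.

```python
import re

# Illustrative sample only; this is NOT real output from the firewalls in this thread.
SAMPLE = """\
carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
\tinet 192.0.2.10 netmask 0xffffff00
\tcarp: MASTER vhid 1 advbase 1 advskew 0
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
\tinet 198.51.100.10 netmask 0xffffff00
\tcarp: BACKUP vhid 2 advbase 1 advskew 0
"""

# An interface header starts in column 0, e.g. "carp0: flags=...".
IFACE_RE = re.compile(r"^([a-z]+\d+):")
# The state line is indented under its interface (assumed format).
STATE_RE = re.compile(r"^\s+carp:\s+(MASTER|BACKUP|INIT)\b")


def carp_states(ifconfig_text):
    """Map each interface that reports a CARP state to that state."""
    states = {}
    current = None
    for line in ifconfig_text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            current = header.group(1)
            continue
        state = STATE_RE.match(line)
        if state and current is not None:
            states[current] = state.group(1)
    return states


def is_split(states):
    """True when one box holds both MASTER and BACKUP CARP IPs."""
    seen = set(states.values())
    return "MASTER" in seen and "BACKUP" in seen


if __name__ == "__main__":
    found = carp_states(SAMPLE)
    print(found)
    print("split" if is_split(found) else "consistent")
```

In a healthy pair one would expect every CARP IP on the primary to be MASTER and every one on the secondary to be BACKUP, so a mix on a single firewall is the symptom to look for.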



  • Sounds like the newer version of FreeBSD does not like one or more NICs on the machine that is reporting the watchdog timeouts. If you are not using Intel NICs, I highly suggest switching.
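
To narrow down which NICs are reporting the watchdog timeouts, the messages could be counted per interface. This is a rough sketch, assuming the driver logs lines of the form `<nic>: watchdog timeout` in dmesg. The sample text and the function name `watchdog_counts` are hypothetical.

```python
import re
from collections import Counter

# Illustrative sample only; this is NOT the real dmesg from this thread.
SAMPLE_DMESG = """\
sis0: watchdog timeout
sis2: watchdog timeout
em0: link state changed to UP
sis0: watchdog timeout
"""

# Assumed message format: interface name, colon, then "watchdog timeout".
WATCHDOG_RE = re.compile(r"^([a-z]+\d+): watchdog timeout", re.MULTILINE)


def watchdog_counts(dmesg_text):
    """Count watchdog timeout messages per interface name."""
    return Counter(WATCHDOG_RE.findall(dmesg_text))


if __name__ == "__main__":
    for nic, count in watchdog_counts(SAMPLE_DMESG).most_common():
        print(nic, count)
```

On a real box the input would be the captured dmesg text instead of the sample string.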



  • @sullrich:

    Sounds like the newer version of FreeBSD does not like one or more NICs on the machine that is reporting the watchdog timeouts. If you are not using Intel NICs, I highly suggest switching.

    Why does device polling fix the problem?
    The FreeBSD guys assume that it only works in 4.x or 5.x, but not in releases >= 6.

    Giacomo



  • Hmm. Not really sure. That is most strange.

    So you are saying that enabling polling fixed it?



  • Hi!

    I seem to have exactly the same problem. After the upgrade to 1.2, CARP stops working after approximately 10-30 minutes. I think the problem is not CARP itself, though, but the network driver. I have a setup with 2 Intel (em) NICs and several VLAN interfaces. Once it fails (strangely, it always fails on the WAN interfaces only, never on the LAN ones), I cannot ping the corresponding interface IPs from firewall A to B or vice versa. I can, however, ping the gateways (which are in the same subnets) from both. Luckily I found this post, and device polling does indeed solve the issue. It is very strange, though. It looks like an OS problem rather than a pfSense problem.

    Cheers,
    Waldemar



  • Try reinstalling 1.2 with the SMP kernel.  Does this change the situation?

