Carp Auto failing back and forth between two routers



  • I have two pfsense boxes both setup the same way:  3 nic's, WAN connected to upstream provider's switch (in Data Center), LAN connect to my local switch, SYNC connect to my second box via cross over cable.

    I have 9 Carp IP's setup, 8 are the local lan's default gateway for each /24 I have (I have a /21, so x.x.153.1, x.x.154.1, etc.), the 9th Carp IP is the WAN IP.  It's been "mostly" working fine for 6+ months.  This past friday it started auto failing over to my secondary router, it would either stay that way until I did something, or would auto fail back to the primary router, or only some carp IP's would auto fail back.

    If I reboot my primary router or disable then re-enable carp, my primary would become the primary router again.  The only error in the system log is:  (more frequent advertisement received)

    I've contacted my upstream (Data Center), and they claim there are no issues/changes on their side (as they always say).  It's been flapping this entire weekend, usually it's ok, as data then flows through one or the other, but once only half flapped back (so half the carp's were active on one router and half on the other), which cause an entire network outage.  What is going on?  Any help is appreciated.

    Thanks,

    John



  • look at your quality graph for the WAN to make sure you are not seeing dropped packets.
    Do you see any NICs loosing connectivity in the logs?
    What pfSense version are you running?



  • As far as quality, occasionally there is packet loss, but it looks pretty clean.  No errors regarding the NIC's, just the "more frequent advertisement received" error.  The version is 2.1.3, 64 bit.



  • I had this issue when I had a very slight configuration problem. Can you go back trough it and see if you can find a problem.



  • Which configuration?  What should I be looking for?  Why would it all of the sudden start doing this when it was working fine previously?



  • I am not sure why all of a sudden its not working unless someone changed something. My problem had to do with routing to the default gateway and gateway monitor IP address.


Log in to reply