CARP Failover between firewalls
I am working on a firewall failover setup. Each firewall has 8 interfaces with its own unique IP address. I have one dedicated failover interface defined on each firewall and a Virtual IP for each pair of NICs. Under the carp status page I can see master on one firewall for each interface, and backup for its pair on the other firewall.
I have CARP set up and working properly (I think) to a point where I can disconnect a single NIC, or multiple NICs, from one firewall and still pass traffic, but if I disconnect an interface on one firewall and another on a different firewall (different pairs) the traffic stops passing on the last removed NIC until I plug in the first disconnected NIC, and then traffic passes again.
My question is should this work, or is this a limitation with CARP?
Here is a rough diagram of my setup
These are connected to a HP switch using untagged vlans.
Anything you do to either of a completely separate pair of systems won't impact a different pair. There are a variety of general network issues that could cause the described scenario, maybe routing to non-CARP IPs somewhere, among other possibilities.
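One way to verify the point made in that answer, as an added example that is not part of the original thread: collect `ifconfig` output from both firewalls and compare CARP state per VHID, since a single box's status page cannot tell you whether the *other* box has actually taken over. The sample `ifconfig` blobs below are constructed in FreeBSD/pfSense format; the interface names, VHIDs and addresses are assumptions, not the poster's setup. The script flags any VHID that does not have exactly one MASTER across the pair (zero means nobody is answering for that VIP, two means a split-brain), and the "cross-pair link loss" case shows that losing em1 on one firewall and em0 on the other still leaves one MASTER per VHID, which is what CARP itself promises.

```shell
#!/bin/sh
# Added example, not from the original post. Sample ifconfig output is
# constructed; names, VHIDs and addresses are assumptions.

# Healthy pair: fw1 is MASTER for both VHIDs, fw2 is BACKUP for both.
FW1_HEALTHY='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255 vhid 1
    carp: MASTER vhid 1 advbase 1 advskew 0
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255 vhid 2
    carp: MASTER vhid 2 advbase 1 advskew 0
'
FW2_HEALTHY='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255 vhid 1
    carp: BACKUP vhid 1 advbase 1 advskew 100
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255 vhid 2
    carp: BACKUP vhid 2 advbase 1 advskew 100
'
# Cross-pair link loss as described in the question: fw1 lost em1, fw2 lost em0.
# A link-down CARP interface reports INIT; the peer takes MASTER for that VHID.
FW1_CROSS='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: MASTER vhid 1 advbase 1 advskew 0
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: INIT vhid 2 advbase 1 advskew 0
'
FW2_CROSS='em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: INIT vhid 1 advbase 1 advskew 100
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: MASTER vhid 2 advbase 1 advskew 100
'
# Split-brain on VHID 1: both boxes claim MASTER (typically the peers cannot
# see each other's advertisements on that segment).
FW2_SPLIT='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: MASTER vhid 1 advbase 1 advskew 100
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: BACKUP vhid 2 advbase 1 advskew 100
'

# Print "iface vhid state" for every CARP VIP in ifconfig output read on stdin.
carp_states() {
    awk '/^[a-z0-9_.]+: flags=/ { iface = $1; sub(":", "", iface) }
         $1 == "carp:"         { print iface, $4, $2 }'
}

# Merge both hosts' output and print "vhid masters members" per VHID, where
# masters is how many hosts currently claim MASTER for that VHID.
vhid_summary() {
    printf '%s\n' "$1" "$2" | carp_states |
        awk '{ members[$2]++; if ($3 == "MASTER") masters[$2]++ }
             END { for (v in members)
                       print v, ((v in masters) ? masters[v] : 0), members[v] }' |
        sort -n
}

# Print the VHIDs that do not have exactly one MASTER across the pair.
broken_vhids() {
    vhid_summary "$1" "$2" | awk '$2 != 1 { print $1 }'
}

echo "healthy pair (vhid masters members):"
vhid_summary "$FW1_HEALTHY" "$FW2_HEALTHY"
echo "cross-pair link loss:"
vhid_summary "$FW1_CROSS" "$FW2_CROSS"
echo "split-brain VHIDs: $(broken_vhids "$FW1_HEALTHY" "$FW2_SPLIT")"
```

In practice you would feed it `ssh fw1 ifconfig` and `ssh fw2 ifconfig` instead of the constructed strings. If every VHID shows exactly one MASTER while traffic still stops, the failover itself is fine and, as the reply says, the cause is elsewhere (for example a route or a client pointing at a real interface address rather than the CARP VIP).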