Wrong router takes CARP address



  • Hello, I have two pfsense boxes with a carp redundant ip (and pfsync):

    • A with ip 10.2.5.2 configured as master
    • B with ip 10.2.5.3 configured as backup

    I configured one carp ip at 10.2.5.1.

    For first days it was ok. Now if I look I see carp status in A I see master status and in B I see backup status.
    But if I go to http://10.2.5.1 I see always B web interface!! So carp ip is taken by backup router.
    And people in that network complains that voip skips, http fails and so on.

    What's happened?
    How can I debug it?

    Thanks,
    Mario



  • I had to shutdown one pfsense… not very good for an HA configuration.



  • It is incredible, I cannot keep two pfsense box on: the slave takes on the master, and together try to use openvpn!
    Are there incompatibilities with dlink des 1210? I tried with igmp off and on.



  • How can I debug it?



  • No one can tell you how to debug without more details. Such as how is everything connected, switch configuration, interface setup and rules…
    Compare your setup with one of the CARP tutorials and make sure you didn't miss something.



  • If your status is correct, all master on the primary, all backup on the secondary, and you're hitting the secondary when going to the CARP IP, that's a problem with your switch(es) on that interface. They're sending the CARP MAC to the wrong device. The advertisements from the master system update switch CAM tables so things go to the correct port, and that's not being handled properly on your switch for some reason.


Log in to reply