CARP + Stacked IP Aliases causing CARP conflicts on 2.2.2-RELEASE

  • I've run into a problem today trying to configure IP aliases for a CARP virtual IP on a pair of devices running 2.2.2-RELEASE. Using the Web UI on the primary firewall, I enter details for a new IP alias on an existing CARP address, and click save. This returns me to the Virtual Address List, where there is a prompt and a button to apply the changes. However, it seems that before clicking apply, the changes have already been synced to the secondary firewall and applied there. Furthermore, the different configuration between the primary and secondary devices results in them both thinking they are MASTER for the underlying CARP address, resulting in IP duplication. As soon as I click apply on the primary firewall GUI, the address appears in the ifconfig output for that device, and the CARP conflict resolves, with the secondary device demoting itself to BACKUP.

    Am I doing something stupid here? Has anybody else come across this problem?

  • One more thing I've noticed - the behaviour seems to be the same when adding new CARP VIPs. When you click save to add a VIP, it is immediately synced and applied to the secondary node, and only gets applied on the primary after clicking 'apply'. It's not so much of a problem in that case of course, because it's a new VIP, and doesn't matter if it's MASTER on the secondary initially.

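A way to confirm the condition described in the posts above, as an added example that is not part of the original thread: the script compares `ifconfig` output collected from both nodes and reports any vhid where both are MASTER or where the addresses carrying that vhid differ. It assumes FreeBSD 10-style output (`carp: STATE vhid N` and `inet ... vhid N` lines); the sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed ifconfig excerpts (FreeBSD 10 style), not captured from a real system.
# State after "save" but before "apply": alias 192.0.2.11 exists only on the secondary.
PRIMARY = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255 vhid 1
    carp: MASTER vhid 1 advbase 1 advskew 0
"""
SECONDARY = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.0.2.3 netmask 0xffffff00 broadcast 192.0.2.255
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255 vhid 1
    inet 192.0.2.11 netmask 0xffffff00 broadcast 192.0.2.255 vhid 1
    carp: MASTER vhid 1 advbase 1 advskew 100
"""

IFACE = re.compile(r"^(\S+): flags=")
INET = re.compile(r"^\s+inet (\S+) .*\bvhid (\d+)")
CARP = re.compile(r"^\s+carp: (\w+) vhid (\d+)")

def parse(text):
    """Return ({(iface, vhid): state}, {(iface, vhid): {addresses}})."""
    states, addrs, iface = {}, {}, None
    for line in text.splitlines():
        if m := IFACE.match(line):
            iface = m.group(1)
        elif m := INET.match(line):
            addrs.setdefault((iface, int(m.group(2))), set()).add(m.group(1))
        elif m := CARP.match(line):
            states[(iface, int(m.group(2)))] = m.group(1)
    return states, addrs

def compare(primary, secondary):
    """List vhids where both nodes are MASTER or the address sets differ."""
    p_state, p_addr = parse(primary)
    s_state, s_addr = parse(secondary)
    findings = []
    for key in sorted(set(p_state) | set(s_state)):
        pa, sa = p_addr.get(key, set()), s_addr.get(key, set())
        dual = p_state.get(key) == "MASTER" and s_state.get(key) == "MASTER"
        if dual or pa != sa:
            findings.append({"iface": key[0], "vhid": key[1], "dual_master": dual,
                             "only_on_primary": sorted(pa - sa),
                             "only_on_secondary": sorted(sa - pa)})
    return findings

if __name__ == "__main__":
    for finding in compare(PRIMARY, SECONDARY):
        print(finding)
```

An empty result means both nodes agree on the addresses for every vhid and at most one of them is MASTER.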