Failover split brain effect



  • Hi Guys,

    I need some help with a strange behavior with 2 firewalls in failover mode.

    Config

    • pfSense 2.1.3-Release
    • FreeBSD 8.3
    • running in 2 VMs on vSphere 5.1

    Firewall 1 (default master)
    WAN1 : 91.xxx.xxx.1
    WAN2 : 46.xxx.xxx.1

    Firewall 2 (default backup)
    WAN1 : 91.xxx.xxx.2
    WAN2 : 46.xxx.xxx.2

    CARP VIP
    WAN1 : 91.xxx.xxx.3
    WAN2 : 46.xxx.xxx.3

    Step 1: Shut down Firewall 1

    Firewall 2 becomes the master. Perfect!
    But I see this kind of log on firewall 2:

    Block - WAN1 - 46.xxx.xxx.2 - 224.0.0.18: VRRPv2, advertisement, vrid 15…
    Block - WAN1 - 46.xxx.xxx.2 - 224.0.0.18: VRRPv2, advertisement, vrid 16...
    Block - WAN1 - 46.xxx.xxx.2 - 224.0.0.18: VRRPv2, advertisement, vrid 13...
    ...

    Step 2: Restarting Firewall 1

    Firewall 1 and 2 are both in master mode and all connections are very slow (split brain?)

    Firewall 1 logs:
    Block - WAN1 - 46.xxx.xxx.1 - 224.0.0.18: VRRPv2, advertisement, vrid 23…
    Block - WAN1 - 46.xxx.xxx.1 - 224.0.0.18: VRRPv2, advertisement, vrid 22...
    Block - WAN2 - 91.xxx.xxx.1 - 224.0.0.18: VRRPv2, advertisement, vrid 6...
    Block - WAN2 - 91.xxx.xxx.1 - 224.0.0.18: VRRPv2, advertisement, vrid 8...
    ...

    Firewall 2 logs:
    Block - WAN1 - 46.xxx.xxx.2 - 224.0.0.18: VRRPv2, advertisement, vrid 23…
    Block - WAN1 - 46.xxx.xxx.2 - 224.0.0.18: VRRPv2, advertisement, vrid 22...
    ...

    I'm surprised to see WAN1 with an IP 46.xxx.xxx.x instead of 91.xxx.xxx.x (and vice versa for WAN2).

    If I click on the red cross icon, I see the following message:
    @36 block drop in log quick proto carp from (self:37) to any

    Perhaps unrelated to the problem, but a notification (in the header) appears with the following message:
    There were error(s) loading the rules pfctl: DIOCADDRULE: Device busy - The line in question reads [0]

    Step 3: Rebooting Firewall 2
    Firewall 1 stays master and Firewall 2 comes back to Backup. Perfect!

    Thanks for your support!