Failover not working despite status saying otherwise

  • Morning all,
    Strange issue on one of our CARP setups with Pf… during a planned or unplanned failover of server A to B, the status screens report correctly that the CARP has failed over to the other, but the actual traffic flow completely stops. From pings, to net traffic, etc.
    It's odd, as another CARP array with the same settings does a failover with 1 dropped ping and no loss of traffic flow.

    Both sets of Pf's are on 2.2.4 and the only significant difference in config is that the "faulty" array runs Squid3 & only has CARP on its LAN IP.
    Both sets have the same VLANs assigned, access modes, tags, etc.

    Any obvious things to look at here that I'm perhaps overlooking?

    Thanks in advance all.

  • As a further step, I've just rebuilt the second pf and retested & disabled Squid on the second box to test if it's Squid causing the issue - no difference for either.

  • To help with diagnostics, I've duplicated the entire setup + one test machine in a lab - the issue still exists there.
    Interestingly, a packet capture shows no incoming traffic to the internal CARP VIP, whereas a ping to the "actual" internal IP shows traffic. :-\

  • To the internal CARP VIP, so sounds like you're routing traffic through? In that case your upstream router is probably routing to the WAN IP of the primary and not a CARP IP, so the routing stops working when CARP switches over.

  • Morning,
    Thank you for the reply, I solved it yesterday, I was just testing in the interim to make sure.
    Turns out it was a "school boy error" that I only noticed when I was setting up the test lab… I missed enabling MAC spoofing on the LAN NIC on one of the PFs :P ha ha.
    The solution to this problem was a caffeine increase. ;)
