----- Original Message -----
> On 12/5/2012 10:11 AM, Tim Nelson wrote:
> > I've successfully set up 2x pfSense boxen with CARP. It is working
> > properly, with ~1 second failover. The following test scenarios
> > work well:
> >
> > -Unplugging a link (WAN, LAN, etc)
> > -Causing system crash (kill -9 1)
> > -Unplugging both SAS HDDs (actually carp doesn't come into play,
> > system keeps routing traffic happily, even though system errors
> > are flying by on the console)
> >
> > I am finding a situation however where failover is not happening,
> > but I'm not sure if it's *supposed* to in this case:
> >
> > CARP seems to fail over upon NIC link change (down). If I move the
> > WAN (on my primary system) with a CARP IP from a 'live' switch with
> > connectivity to the outside world to a different switch without
> > connectivity to the outside world, I lose all connectivity. I
> > guess my assumption was the loss of *routing* connectivity would
> > trigger CARP, but it appears this isn't the case. To make matters
> > even more confusing, during this time, both my primary and backup
> > system list the WAN CARP IP as Master.
> >
> > Does that make sense? Is this expected behavior or am I missing
> > something?
>
> CARP works based on whether or not each node can see the heartbeats
> from the other node. Routing doesn't have anything to do with it,
> it's all layer 1/2.
>
> The backup will try to take over since it would no longer see
> advertisements from the master, but that just means you'd be dual
> master on some VIPs and probably not functional.
>
> The primary will never demote itself unless it loses link on an
> interface. If the link is still up, the primary will keep going
> master on all VIPs.
>
> That's a bit of an edge case we've been trying to come up with a
> nice/elegant solution for.
>
> Mostly that bites people using it in ESX where the vswitch doesn't
> lose link if the physical NIC dies. You can work around that with
> some ESX mojo to bring down the vswitch if the physical link goes
> away though.
>

Ah, this does indeed make sense. I suppose CARP was intended to handle link failure of a specific type (sounds like L1/L2), but not *all* failure types.

Thanks Jim!

--Tim
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
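
The gap discussed in this thread (link stays up, upstream reachability is lost, the primary never demotes itself) can be covered by an external watchdog; the sketch below is an added example, not part of the original messages and not pfSense's own code. It assumes FreeBSD 10 or later, where carp(4) adds any signed value written to `net.inet.carp.demotion` to the demotion factor, and that preemption is enabled so the peer takes over on the segments where both nodes still hear each other. The probe address, thresholds and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: upstream-reachability watchdog for a CARP node.
# Assumptions (not from the thread): FreeBSD 10+ carp(4) semantics for
# net.inet.carp.demotion, preemption enabled, and a pingable upstream hop.
UPSTREAM="${UPSTREAM:-192.0.2.1}"   # constructed placeholder (TEST-NET-1)
FAIL_LIMIT="${FAIL_LIMIT:-3}"       # consecutive failed probes before demoting
PENALTY="${PENALTY:-240}"           # amount added to the demotion factor
fails=0
demoted=0

# probe and adjust are separate functions so a dry run can replace them.
# FreeBSD ping: -c 1 sends one echo request, -t 1 gives up after one second.
probe()  { ping -c 1 -t 1 "$UPSTREAM" >/dev/null 2>&1; }
adjust() { sysctl net.inet.carp.demotion="$1" >/dev/null; }

# One watchdog step. Link state is not consulted at all: the decision is
# based only on whether traffic actually gets past the WAN segment.
carp_watch_step() {
    if probe; then
        fails=0
        # Give the penalty back exactly once when the upstream answers again.
        if [ "$demoted" -eq 1 ]; then
            adjust "-$PENALTY" && demoted=0
        fi
    else
        fails=$((fails + 1))
        # Demote once, and only after FAIL_LIMIT misses in a row, so a
        # single dropped ping does not cause a failover.
        if [ "$fails" -ge "$FAIL_LIMIT" ] && [ "$demoted" -eq 0 ]; then
            adjust "$PENALTY" && demoted=1
        fi
    fi
}

# Loop only when started with "run", so the functions can also be sourced.
if [ "${1:-}" = "run" ]; then
    while :; do
        carp_watch_step
        sleep "${INTERVAL:-1}"
    done
fi
```

Because the penalty is applied and withdrawn symmetrically, the demotion factor returns to its previous value after recovery even if carp itself raised it for other reasons in the meantime.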
