Steve,
I have explicit multicast, network to network, and proto PFSYNC allow
rules on my dedicated CARP interface, which MAY be unnecessary. And I remember
the skew number being very picky, working correctly only in the 0 & 100
setting. At some point my CARP interfaces stopped getting out of sync, so I
stopped troubleshooting.
I do have 1 IP dedicated to each device + the CARP IP on each subnet and a
dedicated direct cable between routers for CARP & sync traffic. My hardware is
real, not virtual, so I hope that isn’t what’s hurting you. Good luck.
ED.
> On 2015, Mar 24, at 12:40 AM, Steve Yates <[email protected]> wrote:
>
> I am not sure this is related but it is weird/bad...I got around to
> setting the skew back to 0 for all CARP IPs on router1. pfSense (2.2.1)
> syncs the change to router2 so those skews change from 101 to 100. However
> afterwards router1 shows all five as Status of Master, and router2 shows all
> five with a blank Status. I must edit each of the five, save (without making
> changes) and only once changes are Applied the Status shows as Backup. That
> sounds like a configuration sync bug? I did see this when setting the skew
> from 0 to 1 earlier today and passed it off as I was clicking around a lot,
> but it seems to be repeatable.
>
> --
> Steve
>
>
> Steve Yates wrote on Mon, Mar 23 2015 at 2:50 pm:
>
>> Just ran into an odd scenario in my testbed...if pfSense (router1) is in a VM
>> (Parallels Cloud/Virtuozzo), and I run "service network restart" on the host
>> for that VM, pfSense fails over the WAN interface but does not fail over the
>> LAN interface. At that point external communication is lost because one
>> router is handling LAN and one WAN. It does not seem to recover afterwards
>> until the host is restarted (we're also using VLANs on the host level for
>> the pfSense VM to use for its interfaces, so that may be a factor in having
>> the host restart).
>>
>> Per http://www.freebsd.org/cgi/man.cgi?query=carp&sektion=4, if
>> net.inet.carp.preempt=1 then the CARP interfaces should fail over together.
>> Running "sysctl net.inet.carp" on pfSense shows net.inet.carp.preempt=1. If
>> I reload the CARP status page on router2 quickly, I can see that the WAN
>> and LAN interfaces correctly fail over so router2 is Master, however it
>> almost immediately reverts so router2 is Master for WAN but router2 is
>> Backup for LAN, and router1 is Master for LAN.
>>
>> How can I ensure they "fail back" together?
>>
>> Note that when I simply boot the host for router1, pfSense does fail over and
>> back correctly! So something is making it not fail back on the network
>> restart?
>>
>> For what it's worth we have IPv4 and IPv6 CARP IPs for WAN, and an IPv4, an
>> IPv4 alias, and an IPv6 CARP IP for LAN.
>>
>> I found an OpenBSD (which I know is a different OS, but...) FAQ page on CARP
>> that says "By default all carp(4) interfaces are added to the carp group."
>> However if I run "ifconfig -v" on pfSense no groups are listed for em0 and
>> em1, only lo0, enc0, and ovpns1. I created a pfSense interface group
>> "carpgroup" for LAN and WAN, but had the same symptoms.
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
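
A check for the split state described in the quoted message (one node Master on one interface and Backup on the other), as an added example that is not part of the thread. It assumes FreeBSD 10-style `ifconfig` output with one `carp:` line per VHID; the function names, VHIDs and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes FreeBSD 10-style ifconfig output,
# where each VHID is a line like "carp: MASTER vhid 1 advbase 1 advskew 0".

# Print "iface vhid state advskew" for every CARP VHID found on stdin.
carp_states() {
    awk '
        /^[A-Za-z0-9_.]+: flags=/ { iface = $1; sub(/:$/, "", iface) }
        $1 == "carp:" && $3 == "vhid" { print iface, $4, $2, $8 }
    '
}

# Print a verdict line; exit status 0 = one shared state, 1 = split, 2 = no CARP.
carp_verdict() {
    carp_states | awk '
        { n++; seen[$3]++; detail = detail " " $1 "/vhid" $2 "=" $3 }
        END {
            if (n == 0) { print "NO_CARP"; exit 2 }
            kinds = 0
            for (s in seen) kinds++
            if (kinds > 1) { print "SPLIT" detail; exit 1 }
            print "CONSISTENT" detail
        }
    '
}

# Constructed sample (trimmed): the state described in the thread, one node
# Master on one interface and Backup on the other. Documentation address ranges.
sample_split() {
    cat <<'EOF'
em0: flags=8943 metric 0 mtu 1500
	inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255 vhid 1
	carp: MASTER vhid 1 advbase 1 advskew 100
em1: flags=8943 metric 0 mtu 1500
	inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255 vhid 2
	carp: BACKUP vhid 2 advbase 1 advskew 100
EOF
}

# Demo on the sample; on a router, run: ifconfig | carp_verdict
sample_split | carp_verdict || echo "exit status $? (VHIDs disagree)"
```

Run from cron or a monitoring agent on each node, a non-zero exit status flags the condition where traffic is lost because WAN and LAN are mastered by different routers.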