You're mixing two separate things.

The SYNC is the firewall configuration and states synchronization between
the two machines.

CARP sends special "I'm alive" packets on the same NIC for which it is
configured. That's the only way to tell if the other server's connection to
this network is alive. It is independently tested for each NIC/network.

One does not require the other, but together they make for some nice
redundancy configurations.


On Fri, Jun 5, 2015 at 11:05 AM, Hubschmid Lukas (s) <
[email protected]> wrote:

> Hello everybody,
>
> Following scenario:
> - 2 pfSense nodes with two NICs each
> - both nodes are connected directly with a cable using one NIC (let's call
> this NIC SYNC)
> - both nodes are connected to the client network using the second NIC
> (let's call this NIC LAN)
> - 1 node is master (active), 1 node is slave (passive)
> - CARP is configured to use the SYNC link for synchronization
> - master node IP on LAN: 192.168.1.2
> - slave node IP on LAN: 192.168.1.3
> - Virtual IP on LAN: 192.168.1.1
> - All clients can communicate with both pfSense nodes (NIC LAN) on layer 2
> - Now the weird thing: the LAN NICs of both pfSense nodes CANNOT
> communicate on layer 2 (don't ask, it's because of VXLAN)
>
> How does the slave detect if the master has lost connection to LAN? Do
> they do this only via the SYNC link?
> Or does the slave node periodically send probe messages over the LAN NIC
> to check if the LAN NIC of the master node is still reachable?
>
> KR,
> Lukas
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
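
The per-NIC behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of CARP on the LAN interface only. The timers assume FreeBSD-style CARP (backup timeout of 3 * advbase + advskew / 256), and the advskew values and node names are constructed for illustration.

```python
# Simplified, constructed model of CARP state on ONE interface (the LAN NIC).
# Assumption: FreeBSD-style timers; a backup declares the master down after
# 3 * advbase + advskew / 256 seconds without hearing an advertisement.
from dataclasses import dataclass

@dataclass
class CarpVhid:
    name: str
    advbase: int = 1          # seconds between advertisements
    advskew: int = 0          # higher value = less preferred node
    state: str = "BACKUP"
    last_heard: float = 0.0   # time the last acceptable advert was seen

    def interval(self):
        return self.advbase + self.advskew / 256

    def master_down_timeout(self):
        return 3 * self.advbase + self.advskew / 256

def simulate(nodes, l2_reachable, duration=10.0, step=0.25):
    """Run the model; l2_reachable = adverts can cross this segment."""
    next_adv = {n.name: 0.0 for n in nodes}
    t = 0.0
    while t <= duration:
        for n in nodes:
            if n.state == "MASTER" and t >= next_adv[n.name]:
                next_adv[n.name] = t + n.interval()
                for peer in nodes:
                    if peer is n or not l2_reachable:
                        continue  # advert never arrives on this NIC
                    if n.interval() <= peer.interval():
                        peer.last_heard = t   # better advert: stay/become backup
                        peer.state = "BACKUP"
        for n in nodes:
            if n.state == "BACKUP" and t - n.last_heard > n.master_down_timeout():
                n.state = "MASTER"            # nothing heard on this NIC: take over
                next_adv[n.name] = t
        t += step
    return {n.name: n.state for n in nodes}

def lan_scenario(l2_reachable):
    # Node addresses from the question; advskew values are assumed.
    nodes = [CarpVhid("master-192.168.1.2", advskew=0),
             CarpVhid("slave-192.168.1.3", advskew=100)]
    return simulate(nodes, l2_reachable)

if __name__ == "__main__":
    print("LAN NICs see each other:  ", lan_scenario(True))
    print("LAN NICs isolated at L2:  ", lan_scenario(False))
```

In this model the SYNC link plays no part in the LAN result: with the LAN NICs isolated from each other, each node hears no advertisements on LAN and both end up MASTER for the virtual IP.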