Are you using the "enter persistent maintenance mode" here? I'm trying
to remember when I looked at this a couple years ago but overall if we shut
down node A, node B takes over, and when A boots up it becomes Master again.
However if I enter maintenance mode first (forcing B to Master) then B stays as
Master after A comes up again.
I have seen the occasional situation where we exit maintenance mode and
the IPv6 CARP WAN IP ends up with *both* routers showing as Master, but at that
point I restart node B and it clears out (we have CARP IPs for two LANs and a
WAN, and both IPv4 and IPv6, on two virtualized routers).
--
Steve Yates
ITS, Inc.
-----Original Message-----
From: List [mailto:[email protected]] On Behalf Of Andrew Kester
Sent: Friday, November 3, 2017 10:49 AM
To: [email protected]
Subject: Re: [pfSense] CARP Demotion Not Working
An update on this, if the master node is rebooted during a failure, the
secondary node takes cover correctly and remains the master as would be
expected.
This makes me think that the priority is set correctly but the second
node for some reason isn't honoring the advskew set by the master correctly.
To illustrate what I mean-
-------------------
| Node A | Node B |
-------------------
| M M | B B | Normal, Node A is master on all CARP IP's
| M X | B M | Failure, incorrect though. Node B should be master.
| - - | M M | Node A Offline, B takes over as master correctly
| B X | M M | After restart, correct behavior. Node B is master.
-------------------
M - Master
X - Down
B - Backup
I've also ran through the CARP troubleshooting guide here to no avail.
https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting
Let me know if you need more information or clarification, I'm not sure
the best way to illustrate / communicate my problem.
---
Thanks,
Andrew Kester
The Storehouse
https://sthse.co
On 11/1/17 3:30 PM, Andrew Kester wrote:
> Hi List,
>
> I'm having an issue with CARP preempt. I have two pfSense machines
> running 2.4.1-RELEASE. CARP fails over all individual IPs correctly,
> but doesn't preempt correctly in the case of a single failure.
>
> On both machines, I've checked that net.inet.carp.preempt is enabled.
> The master appears to be detecting the demotion, as it sets
> net.inet.carp.demotion to 240 during a failure, but ifconfig still
> reports advskew as 0.
>
> I'm not 100% sure if that number should update, or if the demotion
> number is added to the advskew reported by ifconfig.
>
> Relevent sysctl, ifconfig, and log output taken from the master firewall
> during a failure is attached.
>
> Any help is greatly appreciated!
>
> ---
> Thanks,
>
> Andrew Kester
> The Storehouse
> https://sthse.co
>
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
