Right. When preempt is set any carp interface which has a real interface down causes all carps to use 240 for the skew. At this point I think it is simply a race to see which interface takes MASTER. That is why I used preempt on only one FW. This insures that, in a situation like the one described, only one FW is MASTER (the backup in this case)
-Steve S. Per-Olov Sjöholm wrote: > I had dmz4-dmz6 100% configured but no cables connected to the > switch. The carp interfaces for them were in "init" state as they > could not talk to each other. Although it all seemed to work as it > should for all other interfaces. This means all carp masters on the > primary server and all carp backups on the secondary server. > > But during a reboot of any of the firewalls or sometimes in random > one carp could change to backup and the other to master. But not on > all interfaces! I do not understand why not all networks with carp > were infected. Strange.... But as soon as did a "ifconfig carpNN > destroy" on both servers for the not connected interfaces the faulty > carp flipped back. > > So it seems everything have to be connected for 100% correct > function. I would very much appreciate if somebody could tell me why > not all carp interfaces flipped over? >
