Hi, Thanks for your replies.
carp.preempt is enabled on both firewalls. See this # sysctl -a | grep carp net.inet.carp.allow=1 net.inet.carp.preempt=1 net.inet.carp.log=1 net.inet.carp.arpbalance=0 Here is also the configuration of the carp interfaces FW1 /etc/hostname.carp1 inet 10.10.1.1 255.255.0.0 10.50.255.255 vhid 1 carpdev sis0 /etc/hostname.carp2 inet 67.113.45.130 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 inet alias 67.113.45.131 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 inet alias 67.113.45.132 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 inet alias 67.113.45.133 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 FW2 /etc/hostname.carp1 inet 10.10.1.1 255.255.0.0 10.50.255.255 vhid 1 carpdev sis0 advskew 128 /etc/hostname.carp2 inet 67.113.45.130 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 advskew 128 inet alias 67.113.45.131 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 advskew 128 inet alias 67.113.45.132 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 advskew 128 inet alias 67.113.45.133 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 advskew 128 Thanks one more time for your help --- On Thu, 8/7/08, Michael K. Smith - Adhost <[EMAIL PROTECTED]> wrote: > From: Michael K. Smith - Adhost <[EMAIL PROTECTED]> > Subject: RE: Problem with carp group failover > To: "Wadner Cadet" <[EMAIL PROTECTED]>, pf@benzedrine.cx > Date: Thursday, August 7, 2008, 4:12 PM > Hello Wadner: > > > -----Original Message----- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > > Wadner Cadet > > Sent: Thursday, August 07, 2008 12:41 PM > > To: pf@benzedrine.cx > > Subject: Problem with carp group failover > > > > Hi, > > I am experiencing an issue with my two OpenBSD > firewalls. I have two carp > > interfaces (carp1 and carp2). On carp2, there are 6 ip > aliases (external ip > > addresses). The two carp interfaces belong to the same > carp group. When one > > carp interface fails, the other carp interface is not > shifted to fail, which > > means carp does not fail over as a group. This created > a big problem, one carp > > interface is master and the other one is backup on the > same host. > > > I think this will take care of it. Using sysctl, > > net.inet.carp.preempt: 1 > > Regards, > > Mike