OPNsense

Author Topic: CARP breaks haproxy health checks?  (Read 2172 times)

doug.dimick

CARP breaks haproxy health checks?
« on: March 10, 2018, 01:22:36 am »
I'm running two OPNsense 18.1.3 systems with LAN/WAN/DMZ interfaces and CARP VIP.

LAN CARP VIP 192.168.1.1/17
LAN OPNsense-1 192.168.1.2/17
LAN OPNsense-2 192.168.1.3/17

DMZ CARP VIP 192.168.254.1/24
DMZ OPNsense-1 192.168.254.2/24
DMZ OPNsense-2 192.168.254.3/24

I'm running haproxy only on my master OPNsense-1 system. When OPNsense-1 is running by itself, everything works great.

When I boot OPNsense-2, everything still works great except all my haproxy HTTP health checks running on OPNsense-1 fail.

If I shut down OPNsense-2, the haproxy HTTP health checks on OPNsense-1 immediately start working again.

All traffic through either OPNsense system works fine in both scenarios. The only things that stop working are the haproxy health checks.

What could be causing this behavior?

doug.dimick

Re: CARP breaks haproxy health checks?
« Reply #1 on: March 27, 2018, 10:12:12 pm »
I still have no solution for this. I've rebuilt my backup OPNsense from scratch and it still behaves exactly the same.

Is anyone running both CARP and haproxy successfully?

doug.dimick

Re: CARP breaks haproxy health checks?
« Reply #2 on: April 02, 2018, 07:44:22 am »
I've narrowed this down to having Netflow enabled and capturing local on both master/backup. As soon as you enable it on the backup, the HAproxy health checks on the master immediately fail. Disable Netflow on the backup, and they immediately start working again.

Steps to reproduce:

1. Run two instances of OPNsense.
2. Configure high availability (I'm using CARP and XMLRPC sync, but I am not using states sync).
3. Configure HAproxy on the primary. Observe that health checks show your backends/frontends as UP.
4. Enable Netflow on master.
5. Observe that HAproxy health checks still work.
6. Enable Netflow on backup.
7. Observe that HAproxy health checks now show your backends/frontends as DOWN.

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved