OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • CARP failing over (and activating addresses) before settings are applied.
« previous next »
  • Print
Pages: [1]

Author Topic: CARP failing over (and activating addresses) before settings are applied.  (Read 1647 times)

noses

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
CARP failing over (and activating addresses) before settings are applied.
« on: November 21, 2018, 01:05:19 pm »
Version 18.7.7 (and probably in all versions before because nobody ever looked at it)

Try:

1) Set up a set of paired OPNsenses.
2) Start adding CARP interfaces on the master but do not apply changes (e. g. because you want to have them created all at once as you are working in a live environment).
3) Take a look at Firewall->Virtual IPs->Status on the backup machine.

You will find it to be master for all the new interfaces you created.

This thoroughly cramped my style... I wanted to set up the final pieces on the replacement router by adding all the CARP interfaces to take over the router IP addresses across a collection of separate network segments at once and suddenly around me chaos broke out because the backup machine started messing up ARP tables by becoming active.

If this is an intentional feature it should be documented in a highly visible place... And if this is the intention what is the "Apply changes" button intended for?


Achim
« Last Edit: November 21, 2018, 01:06:53 pm by noses »
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 849
  • Karma: 163
    • View Profile
Re: CARP failing over (and activating addresses) before settings are applied.
« Reply #1 on: November 21, 2018, 06:27:10 pm »
Can you create an issue on GitHub for this (https://github.com/opnsense/core), this looks like old behaviour we should change....

When writing the config, it calls :
https://github.com/opnsense/core/blob/9634dc64fc0b1deb019563994af51b47ce29d08d/src/etc/inc/config.inc#L164


Which then calls:
https://github.com/opnsense/core/blob/9634dc64fc0b1deb019563994af51b47ce29d08d/src/etc/rc.filter_synchronize#L168


And triggers a setup on the backup:
https://github.com/opnsense/core/blob/9634dc64fc0b1deb019563994af51b47ce29d08d/src/etc/inc/xmlrpc/legacy.inc#L200-L234


I think we should skip the whole sync on config write idea in 19.1 and leave it up to the user, since we have a status page for this now so we avoid changes being made which may lead to an invalid configuration.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • CARP failing over (and activating addresses) before settings are applied.
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2