Hi,
We have the problem that CARP sporadically switches to the backup OPNsense for certain addresses.
And the gateway is shown as offline. When I restart the dpinger service for this gateway, it comes online on the backup.
Interfaces are set the same on both systems and are also plugged in the same way.
Suricata is on, IPS mode is enabled, and so is promiscuous mode. Hardware CRC, Hardware TSO, Hardware LRO, and VLAN Hardware Filtering are disabled. ARP handling is not suppressable on "ARP messages".
On the OPNsense1-1, synchronization is set up to the OPNsense1-2. Preempt is disabled.
On the OPNsense1-2, the status synchronization is checked and the IP address of the sync network of the OPNsense1-1 is entered. Preempt is activated.
OPNsense1-1 and OPNsense1-2 are directly connected with a patch cable on igb0.
In the attachment you can find the system logs and screenshots. Unfortunately, I have not been able to find the source of the error.
OPNsense1-1 (Master):
Versionen OPNsense 20.1.6-amd64
FreeBSD 11.2-RELEASE-p19-HBSD
OpenSSL 1.1.1g 21 Apr 2020
CPU-Typ Intel(R) Xeon(R) Silver 4114 CPU @ 2.20GHz (20 cores)
and
OPNsense1-1 (Backup):
Versionen OPNsense 20.1.6-amd64
FreeBSD 11.2-RELEASE-p19-HBSD
OpenSSL 1.1.1g 21 Apr 2020
CPU-Typ Intel(R) Xeon(R) Silver 4114 CPU @ 2.20GHz (20 cores)
On each OPNsense, the following interfaces:
1N Schnittstelle (opt7, igb1)
DMZ Schnittstelle (opt2, ix0_vlan8)
Demo Schnittstelle (opt3, ix0_vlan9)
LAN Schnittstelle (lan, ix0)
SQL Schnittstelle (opt8, ix0_vlan17)
SYNC Schnittstelle (opt1, igb0)
TCOMPCO1 Schnittstelle (opt5, ix3)
TCOMPCO2 Schnittstelle (opt6, igb3)
UNITY Schnittstelle (wan, igb2)
VMNetz Schnittstelle (opt4, ix0_vlan128)
CARP:
OPNsense1-1:
192.168.8.251/24 (vhid 1 , freq. 1 / 0) DMZ CARP DMZ
10.255.255.251/9 (vhid 2 , freq. 1 / 0) VMNetz CARP VMNetz
172.20.8.251/24 (vhid 3 , freq. 1 / 0) Demo CARP Sandbox
192.168.7.251/24 (vhid 4 , freq. 1 / 0) LAN CARP LAN
37.24.96.70/29 (vhid 5 , freq. 1 / 0) UNITY CARP UNITY
37.24.96.69/29 (vhid 6 , freq. 1 / 0) UNITY CARP UNITY
194.25.93.139/29 (vhid 7 , freq. 1 / 0) TCOMPCO1 CARP TCOMPCO
194.25.44.171/29 (vhid 8 , freq. 1 / 0) TCOMPCO2 CARP TCOMPCO2
194.25.44.172/29 (vhid 9 , freq. 1 / 0) TCOMPCO2 CARP TCOMPCO2
172.16.1.254/24 (vhid 10 , freq. 1 / 0) LAN CARP HV
37.24.96.68/29 (vhid 11 , freq. 1 / 0) UNITY CARP UNITY
194.25.93.138/29 (vhid 12 , freq. 1 / 0) TCOMPCO1 CARP TCOMPCO
194.25.93.141/29 (vhid 13 , freq. 1 / 0) TCOMPCO1 CARP TCOMPCO
192.168.1.251/24 (vhid 14 , freq. 1 / 0) LAN CARP WSUS
192.168.0.251/24 (vhid 15 , freq. 1 / 0) LAN CARP Mgmt
185.239.82.15/31 (vhid 16 , freq. 1 / 0) 1N CARP 1N
192.168.2.254/24 (vhid 17 , freq. 1 / 0) LAN CARP asvdc.de
172.17.1.254/24 (vhid 18 , freq. 1 / 0) SQL CARP SQL
OPNsense1-2:
192.168.8.251/24 (vhid 1 , freq. 1 / 100) DMZ CARP DMZ
10.255.255.251/9 (vhid 2 , freq. 1 / 100) VMNetz CARP VMNetz
172.20.8.251/24 (vhid 3 , freq. 1 / 100) Demo CARP Sandbox
192.168.7.251/24 (vhid 4 , freq. 1 / 100) LAN CARP LAN
37.24.96.70/29 (vhid 5 , freq. 1 / 100) UNITY CARP UNITY
37.24.96.69/29 (vhid 6 , freq. 1 / 100) UNITY CARP UNITY
194.25.93.139/29 (vhid 7 , freq. 1 / 100) TCOMPCO1 CARP TCOMPCO
194.25.44.171/29 (vhid 8 , freq. 1 / 100) TCOMPCO2 CARP TCOMPCO2
194.25.44.172/29 (vhid 9 , freq. 1 / 100) TCOMPCO2 CARP TCOMPCO2
172.16.1.254/24 (vhid 10 , freq. 1 / 100) LAN CARP HV
37.24.96.68/29 (vhid 11 , freq. 1 / 100) UNITY CARP UNITY
194.25.93.138/29 (vhid 12 , freq. 1 / 100) TCOMPCO1 CARP TCOMPCO
194.25.93.141/29 (vhid 13 , freq. 1 / 100) TCOMPCO1 CARP TCOMPCO
192.168.1.251/24 (vhid 14 , freq. 1 / 100) LAN CARP WSUS
192.168.0.251/24 (vhid 15 , freq. 1 / 100) LAN CARP Mgmt
185.239.82.15/31 (vhid 16 , freq. 1 / 100) 1N CARP 1N
192.168.2.254/24 (vhid 17 , freq. 1 / 100) LAN CARP asvdc.de
172.17.1.254/24 (vhid 18 , freq. 1 / 100) SQL CARP SQL