I have a simple a simple 2 node LAN/WAN setup, but it looks like having the CARP VIP/being master on node1 or node2 is on the interface level and not global.
If I unplugged the WAN cable from node1 I can see the CARP master role for WAN moving from node1 to node2. However, node1 still is master on the LAN, responding on the LAN CARP VIP.
To me this split situations seems weird en incorrect, causing the LAN<->WAN traffic to halt. Shouldn't all interfaces move at same time from master to slave and vice versa? Can't see how this should work if that's not the case.
What am I missing here? Did I just misconfigure something? I followed guide at https://docs.opnsense.org/manual/how-tos/carp.html
Disable Preempt is NOT checked! That should be the setting controlling this, right? So preempt is enabled and this should group all VIPs and move all at the same time AFAIKS.
CARP similar to VRRP, works and failovers per its VHID Group. As long there is a heartbeat ongoing between master and backup e.g Backup receives response from Master, the fail-over will not happen.
The "preempt" controls actually the fallback back to configured master. Meaning if master that is configured to be master coems back online "preempt" makes sure the VIP moves back to it.
Reading in BSD docs, "preempt" here has as well additional function.
Quotefailover all of the addresses running carp together, when one of the
physical interfaces goes down. This is achieved by the use of the pre-
empt option. Enable it on both hosts A and B:
sysctl net.inet.carp.preempt=1
Assume that host A is the preferred master and we are running the
192.168.1.0/24 prefix on em0 and 192.168.2.0/24 on em1. This is the
setup for host A (advskew is above 0 so it could be overwritten in the
emergency situation from the other host):
ifconfig em0 vhid 1 advskew 100 pass mekmitasdigoat 192.168.1.1/24
ifconfig em1 vhid 2 advskew 100 pass mekmitasdigoat 192.168.2.1/24
The setup for host B is identical, but it has a higher advskew:
ifconfig em0 vhid 1 advskew 200 pass mekmitasdigoat 192.168.1.1/24
ifconfig em1 vhid 2 advskew 200 pass mekmitasdigoat 192.168.2.1/24
When one of the physical interfaces of host A fails, advskew is demoted
to a configured value on all its carp vhids. Due to the preempt op-
tion, host B would start announcing itself, and thus preempt host A on
both interfaces instead of just the failed one.
Do you have it properly configured?
Regards,
S.
Well, I believe if Disable Preempt is NOT checked, net.inet.carp.preempt=1 is set under the hood?
Have never seen any documentation instructing to set this yourself.
From a sysctl -a | grep "net.inet.carp"
I can see this even see:
net.inet.carp.preempt: 1
So that looks ok to me. But despite that, it' s not working as expected as only the affected interface fails over.