OPNsense Forum

English Forums => General Discussion => Topic started by: hitechhillbilly on July 01, 2020, 06:55:09 am

Title: The ole CARP over LAGG "issue"
Post by: hitechhillbilly on July 01, 2020, 06:55:09 am
So I have some firewalls that are using OPNsense based (non-LACP) load balancing based LAGG on OPNsense 20.1. I am also running two routers. The LAGG is hooked to two different switches. When I enter persistent CARP on the "main" router or reboot it, the LAGG interfaces do not move to master on the "backup" router. I have put in the net.inet.carp.senderr_demotion_factor=0 and net.inet.carp.preempt=1 tunables but still no dice.

Am I missing something?
Title: Re: The ole CARP over LAGG "issue"
Post by: mimugmail on July 01, 2020, 09:28:31 am
Anything in logs? How is cabling done?
Title: Re: The ole CARP over LAGG "issue"
Post by: hitechhillbilly on July 01, 2020, 07:48:11 pm
Quote from: mimugmail on July 01, 2020, 09:28:31 am
"Anything in logs? How is cabling done?"

It's actually a simple design. A simple mesh using host based LAGG. Each router has one member of the LAGG on each switch.

Also nothing of note in logs.



Title: Re: The ole CARP over LAGG "issue"
Post by: mimugmail on July 01, 2020, 10:04:15 pm
It's more stable to connect fw1 on switch1 with lagged IF and fw2 to switch2.
Title: Re: The ole CARP over LAGG "issue"
Post by: hitechhillbilly on August 14, 2020, 05:08:41 am
This is still an issue. I have updated to 20.7 on both routers. I recabled the routers as suggested earlier.
Title: Re: The ole CARP over LAGG "issue"
Post by: mimugmail on August 14, 2020, 08:40:02 am
Updated picture please
Title: Re: The ole CARP over LAGG "issue"
Post by: hitechhillbilly on August 17, 2020, 08:59:05 pm
Same issue as before. All interfaces (VLANs) on the LAGG do not fail over when the active router is rebooted.

Title: Re: The ole CARP over LAGG "issue"
Post by: mimugmail on August 17, 2020, 10:29:40 pm
Isn't the DC feed connected to the switch? How does CARP work there?
Title: Re: The ole CARP over LAGG "issue"
Post by: rainerle on August 24, 2020, 11:17:38 pm
I had the same problem (https://forum.opnsense.org/index.php?topic=14374).

Can't you get rid of the lagg/LACP and separate the VLANs over the two connections?

Maybe something like
- LAN
- WAN
- internal VLANs
and each router is connected to one switch. As in the picture...

Datacenter feeds into a switchport on each switch first assigned to the same VLAN. If one feed fails, both OPNsense still have access.

(https://forum.opnsense.org/index.php?action=dlattach;topic=14374.0;attach=11885;image)