OPNsense Forum

English Forums => High availability => Topic started by: fandro on March 31, 2022, 05:19:16 pm

Title: CARP partial failover
Post by: fandro on March 31, 2022, 05:19:16 pm

Hello everyone,
I have two DEC3860 appliances that I want to use as firewall/router in active/standby mode.
Configuration is the following:
- the two 10G fiber interfaces are configured in LAGG.
- on this LAGG there are ~10 VLAN configured, one of which is the WAN interface.
- for each VLAN an interface has been created, the interface has been configured with an IP address.
- for each interface a virtual IP address has been created.

High Availability is configured as follows on both nodes:
- Synchronize States: on
- Disable preempt: off
- Synchronize Interface: appliances are connected directly with a cable, a specific interface has been defined for this particular scope.

Configuration synchronization is working perfectly, the problem is if I go to "Interfaces" -> "Virtual IP" -> "Status" I see that certain "CARP Interfaces" are marked as "MASTER" on NODE-A while some are on NODE-B.
How can I force all CARP Interfaces to stick together so that they either stay all on NODE-A or NODE-B?
Thanks.

Title: Re: CARP partial failover
Post by: rainerle on May 13, 2022, 09:06:33 am

LAGG and CARP....

https://forum.opnsense.org/index.php?topic=17894.msg85723#msg85723

Title: Re: CARP partial failover
Post by: Grossartig on May 13, 2022, 02:29:11 pm

Try with the "disable preempt" option on the master unchecked and checked on the backup. And then restart both boxes.

Title: Re: CARP partial failover
Post by: fandro on May 25, 2022, 04:53:11 pm

Thanks for your suggestions guys.

Quote from: rainerle on May 13, 2022, 09:06:33 am

LAGG and CARP....

https://forum.opnsense.org/index.php?topic=17894.msg85723#msg85723

This is interesting, I haven't tried without LAGG because I never thought it would actually be the issue.
Were you able to figure out a way to have CARP failover work properly with LAGG or did you completely gave up using it? This seems far from ideal.

Quote from: Grossartig on May 13, 2022, 02:29:11 pm

Try with the "disable preempt" option on the master unchecked and checked on the backup. And then restart both boxes.

Before opening this thread I read what you suggested on a few different places, unfortunately it doesn't seem to solve the issue in my case.

Title: Re: CARP partial failover
Post by: rainerle on May 27, 2022, 07:26:37 pm

Quote from: fandro on May 25, 2022, 04:53:11 pm

Quote from: rainerle on May 13, 2022, 09:06:33 am

LAGG and CARP....

https://forum.opnsense.org/index.php?topic=17894.msg85723#msg85723

This is interesting, I haven't tried without LAGG because I never thought it would actually be the issue.
Were you able to figure out a way to have CARP failover work properly with LAGG or did you completely gave up using it? This seems far from ideal.

I kept trying for a long time - everytime we needed to patch the swicth cluster we would loose our services.

The LAGG removal recommendation crossing the switches came from a consulting session with Deciso - after removing that it just works. We failover the switch - the firewall behind it looses connectivity - and the backup switch and firewall take over.