OPNsense Forum

English Forums => High availability => Topic started by: raghunath.nagepalli on September 15, 2022, 08:51:38 pm

Title: CARP split brian issues
Post by: raghunath.nagepalli on September 15, 2022, 08:51:38 pm
Hello Experts,
I'm from Nutanix, and we are using OPNsense for one of the VPCs (internal to Nutanix, not AWS). We are observing that at certain intervals, the status of WAN and LAN CARP interfaces splits from Master in one Firewall and backup in another.

Expected behavior: Both the interfaces should always be in Master status in Primary Firewall
Ongoing behavior: Abruptly demotes the status from Master to Backup

Does anyone know what could be the reason and tips to solve to solve this issue? Is this related to version (version being used - OPNsense 22.7.4-amd64)?
Title: Re: CARP split brian issues
Post by: mimugmail on September 16, 2022, 08:45:16 am
Screenshots of HA settings of both FWs and logs please
Title: Re: CARP split brian issues
Post by: rainerle on October 14, 2022, 02:42:31 pm
Are you using LAGG network devices in your setup? Just don't.

Cabeling proposal:
(https://forum.opnsense.org/index.php?action=dlattach;topic=14374.0;attach=11885;image)


Title: Re: CARP split brian issues
Post by: Patrick M. Hausen on October 14, 2022, 06:02:43 pm
@rainerle - why?

My main systems use lagg to connect to the layer 2 infrastructure and VLANs for all interfaces. No issues with CARP whatsoever. Only the HA sync interface is just a direct cable.
Title: Re: CARP split brian issues
Post by: rainerle on October 24, 2022, 09:31:56 am
@pmhausen
So you have one leg of the LAGG to one switch and another leg to the other switch.
Check what happens when you reboot one switch - I had only problems...
https://forum.opnsense.org/index.php?topic=14374.0 (https://forum.opnsense.org/index.php?topic=14374.0)
Title: Re: CARP split brian issues
Post by: Patrick M. Hausen on October 24, 2022, 12:09:52 pm
The switches need to esplicitly support multi chassis LACP. The feature is also called "stacking".

If they don't, that would explain the problems you observe.

Title: Re: CARP split brian issues
Post by: rainerle on October 31, 2022, 11:25:37 am
I do expect our Huawei CE6810-32T16S4Q-LI switches to support stacking. At least the documentation says so...
https://support.huawei.com/enterprise/en/doc/EDOC1100137947/4154cda5/stacked-device-and-version-requirements
Title: Re: CARP split brian issues
Post by: nzkiwi68 on November 20, 2022, 09:12:57 pm
I would slow down your CARP messages. The stacking might be working, but, occasionally be a "bit too slow".

Set on each of the CARP virtual IPs base 2 or 3. That is slowing down the CARP to 2 or 3 seconds and see if you then get stability.

Interfaces: Virtual IPs: Settings
Advertising Frequency - Base