High availability / Default gateway lost on CARP master after failback #4977
« on: May 10, 2021, 09:34:19 am »
Hi everybody,
this is a thread made to discuss the issue #4977.
Our situation:
We have a small cluster of two identical OPNsense boxes.
Several interfaces have virtual IP addresses.
On the WAN interface we have one official /30 virtual IPv4 address.
That's the reason we configured private IPv4 addresses statically to the interface (10.A.B.C/24).
It seems necessary to have IPv4 addresses configured to the WAN interfaces for the CARP to work correctly. (Why?)
The problem:
When the master node (A) loses the connection the backup node (B) takes over all the virtual IPs as expected.
When the node A receives the connection again it becomes master again but removes the default route from the WAN interface.
A solution(?):
The suggestion of my colleague now is that this is because we didn't make the hook on the "Far Gateway" setting for this gateway. The default route is removed because there is only a private IPv4 address fixed on the WAN that is in a different net than the gateway.
The check for the gateway being on a net that is reachable by the interface seems to be made before the virtual IP is bound to the interface. (Maybe this could be changed?)
We will test tomorrow if the hook on "Far Gateway" has an effect in our sense.
Thanks and best regards,
Lars