CARP partial failover

Started by fandro, March 31, 2022, 05:19:16 PM

March 31, 2022, 05:19:16 PM Last Edit: March 31, 2022, 05:21:07 PM by fandro
Hello everyone,
I have two DEC3860 appliances that I want to use as firewall/router in active/standby mode.
Configuration is the following:
- the two 10G fiber interfaces are configured in LAGG.
- on this LAGG there are ~10 VLANs configured, one of which is the WAN interface.
- for each VLAN an interface has been created, the interface has been configured with an IP address.
- for each interface a virtual IP address has been created.

High Availability is configured as follows on both nodes:
- Synchronize States: on
- Disable preempt: off
- Synchronize Interface: appliances are connected directly with a cable, a specific interface has been defined for this particular scope.

Configuration synchronization is working perfectly, the problem is if I go to "Interfaces" -> "Virtual IP" -> "Status" I see that certain "CARP Interfaces" are marked as "MASTER" on NODE-A while some are on NODE-B.
How can I force all CARP Interfaces to stick together so that they either stay all on NODE-A or NODE-B?
Thanks.


May 13, 2022, 02:29:11 PM #2 Last Edit: May 13, 2022, 02:38:05 PM by Grossartig
Try with the "disable preempt" option on the master unchecked and checked on the backup. And then restart both boxes.

Thanks for your suggestions guys.

Quote from: rainerle on May 13, 2022, 09:06:33 AM
LAGG and CARP....

https://forum.opnsense.org/index.php?topic=17894.msg85723#msg85723

This is interesting, I haven't tried without LAGG because I never thought it would actually be the issue.
Were you able to figure out a way to have CARP failover work properly with LAGG or did you completely give up using it? This seems far from ideal.

Quote from: Grossartig on May 13, 2022, 02:29:11 PM
Try with the "disable preempt" option on the master unchecked and checked on the backup. And then restart both boxes.

Before opening this thread I read what you suggested in a few different places, unfortunately it doesn't seem to solve the issue in my case.

Quote from: fandro on May 25, 2022, 04:53:11 PM
Quote from: rainerle on May 13, 2022, 09:06:33 AM
LAGG and CARP....

https://forum.opnsense.org/index.php?topic=17894.msg85723#msg85723

This is interesting, I haven't tried without LAGG because I never thought it would actually be the issue.
Were you able to figure out a way to have CARP failover work properly with LAGG or did you completely give up using it? This seems far from ideal.


I kept trying for a long time - every time we needed to patch the switch cluster we would lose our services.

The LAGG removal recommendation crossing the switches came from a consulting session with Deciso - after removing that it just works. We fail over the switch - the firewall behind it loses connectivity - and the backup switch and firewall take over.
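
One way to spot the mixed MASTER/BACKUP state described in the first post from a shell on each node, as an added example that is not part of the thread. It assumes the FreeBSD `ifconfig` status line format `carp: STATE vhid N ...`; the function names, interface names and addresses are made up, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: report whether all CARP VHIDs on this node share one state.

# Constructed sample of `ifconfig` output (names and addresses are made up).
sample_ifconfig() {
cat <<'EOF'
vlan010: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255
	inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255 vhid 1
	carp: MASTER vhid 1 advbase 1 advskew 0
vlan020: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 198.51.100.2 netmask 0xffffff00 broadcast 198.51.100.255
	inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255 vhid 2
	carp: BACKUP vhid 2 advbase 1 advskew 0
vlan030: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 203.0.113.2 netmask 0xffffff00 broadcast 203.0.113.255
	inet 203.0.113.1 netmask 0xffffff00 broadcast 203.0.113.255 vhid 3
	carp: MASTER vhid 3 advbase 1 advskew 0
EOF
}

# Read ifconfig output on stdin, print one "interface vhid state" line per VHID.
carp_states() {
  awk '
    /^[A-Za-z]/   { ifname = $1; sub(/:$/, "", ifname) }  # interface header line
    $1 == "carp:" { print ifname, $4, $2 }                # carp: STATE vhid N ...
  '
}

# Read ifconfig output on stdin, print a verdict.
# Exit status: 0 = all VHIDs in the same role, 1 = split, 2 = no CARP lines found.
carp_verdict() {
  carp_states | awk '
    { seen[$3]++; n++ }
    END {
      if (n == 0)              { print "no-carp";    exit 2 }
      if (seen["MASTER"] == n) { print "all-master"; exit 0 }
      if (seen["BACKUP"] == n) { print "all-backup"; exit 0 }
      print "split"; exit 1      # mixed MASTER/BACKUP (or INIT) on one node
    }'
}

# Demo on the constructed sample.
sample_ifconfig | carp_states
sample_ifconfig | carp_verdict || true
```

On a live node, `ifconfig | carp_verdict` gives the same verdict; a non-zero exit status can feed a monitoring check.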