The ole CARP over LAGG "issue"

[hitechhillbilly]

So I have some firewalls that are using OPNsense based (non-LACP) load balancing based LAGG on OPNsense 20.1. I am also running two routers. The LAGG is hooked to two different switches. When I enter persistent CARP on the the "main" router or reboot it, the LAGG interfaces do not move to master on the "backup" router. I have put in the net.inet.carp.senderr_demotion_factor=0 and net.inet.carp.preempt=1 tunables but still no dice.

Am I missing something?

[mimugmail]

Anything in logs? How is cabling done?

[hitechhillbilly]

Anything in logs? How is cabling done?

Its actually a simple design. A simple mesh using host based LAGG.. Each router has one member of the LAGG on each switch.

Also nothing of note in logs.

[mimugmail]

It's more stable to connect fw1 on switch1 with lagged IF and fw2 to switch2

[hitechhillbilly]

This is still an issue. I have updated to 20.7 on both routers. I recabled the routers as suggested earlier.

[mimugmail]

Updated picture please

[hitechhillbilly]

Same issue as before. All interfaces (VLANS) on the LAGG do not fail over when the active router is rebooted.

[mimugmail]

Isnt the dc feed connected to the switch? How does carp work there?

[rainerle]

I had the same problem (https://forum.opnsense.org/index.php?topic=14374 ).

Can't you get rid of the lagg/LACP and separate the VLANs over the two connections?

Maybe something like
- LAN
- WAN
- internal VLANs
and each router is connected to one switch. As in the picture...

Datacenter feeds into a switchport on each switch first assigned to the same VLAN. If one feed fails both OPNsense still have access.