short CARP Question

Started by c-mu, February 25, 2025, 09:30:02 AM

In the past, I had CARP active with approx. 20-25 VLANs. As I had stability problems, I implemented the second firewall as a cold standby at some point and deactivated CARP.
Now I'm wondering what I did wrong a few years ago and am asking myself the following question:
If one of the VLANs changes the master status to slave, shouldn't all the other VLANs automatically change to slave as well, because otherwise I have a 'split brain problem'? This has never happened to me. It happened that one or more VLANs had the status slave, while the rest were still master.
What do you think?
Thank you!

Unless you activate "disable preemption", all interfaces should switch or none. So something was wrong, obviously.

You need the same device names on both firewalls and the assignments (LAN, OPT1, OPT2, ...) must be created in the exact same order on both. So e.g. vlan02 is OPT2 on both units etc.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

March 19, 2025, 09:20:09 AM #2 Last Edit: March 19, 2025, 09:26:16 AM by tofuSCHNITZEL
Quote from: c-mu on February 25, 2025, 09:30:02 AM
It happened that one or more VLANs had the status slave, while the rest were still master.

This was the case for me if the VLAN was not created on the switch(es) that the two firewalls are connected to, because these switches drop frames with (to them) unknown VLAN tags, so the firewalls could not "see" each other (the CARP multicast) on these VLANs, so both became master.
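
Added example, not part of any post in this thread: a small Python check that parses `ifconfig` output from both firewalls and reports the two symptoms discussed above, a unit with mixed CARP states and a VLAN where both units are master. The interface names, VHIDs and sample output are constructed, and it assumes identical device names on both units, as the first reply requires.

```python
import re

# Constructed `ifconfig` excerpts from two CARP peers (not taken from the thread).
# FreeBSD reports MASTER/BACKUP/INIT; BACKUP is what the thread calls "slave".
FW1 = """\
vlan01: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        carp: MASTER vhid 1 advbase 1 advskew 0
vlan02: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        carp: MASTER vhid 2 advbase 1 advskew 0
vlan03: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        carp: MASTER vhid 3 advbase 1 advskew 0
"""
FW2 = """\
vlan01: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        carp: BACKUP vhid 1 advbase 1 advskew 100
vlan02: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        carp: BACKUP vhid 2 advbase 1 advskew 100
vlan03: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        carp: MASTER vhid 3 advbase 1 advskew 100
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
CARP_RE = re.compile(r"^\s+carp: (MASTER|BACKUP|INIT) vhid (\d+)")

def carp_states(ifconfig_text):
    """Return {(interface, vhid): state} for every CARP VHID in the output."""
    states, iface = {}, None
    for line in ifconfig_text.splitlines():
        if m := IFACE_RE.match(line):
            iface = m.group(1)
        elif (m := CARP_RE.match(line)) and iface:
            states[(iface, int(m.group(2)))] = m.group(1)
    return states

def mixed_state(states):
    """True if one unit holds different CARP states at the same time."""
    return len(set(states.values())) > 1

def compare_peers(a, b):
    """Flag VHIDs that do not have exactly one master across the two units."""
    findings = {}
    for key in sorted(set(a) | set(b)):
        pair = (a.get(key), b.get(key))
        if None in pair:
            findings[key] = "VHID missing on one unit"
        elif pair == ("MASTER", "MASTER"):
            findings[key] = "dual master"
        elif "MASTER" not in pair:
            findings[key] = "no master"
    return findings
```

A "dual master" finding on a single VLAN is the pattern the last post describes; checking that the VLAN exists on the switches between the firewalls is the next step.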