HA not switching for all interfaces at the same time to other node

Started by wickeren, May 24, 2025, 12:52:53 AM

I have a simple 2 node LAN/WAN setup, but it looks like having the CARP VIP/being master on node1 or node2 is on the interface level and not global.
If I unplug the WAN cable from node1 I can see the CARP master role for WAN moving from node1 to node2. However, node1 still is master on the LAN, responding on the LAN CARP VIP.
To me this split situation seems weird and incorrect, causing the LAN<->WAN traffic to halt. Shouldn't all interfaces move at the same time from master to slave and vice versa? Can't see how this should work if that's not the case.

What am I missing here? Did I just misconfigure something? I followed the guide at https://docs.opnsense.org/manual/how-tos/carp.html

Disable Preempt is NOT checked! That should be the setting controlling this, right? So preempt is enabled and this should group all VIPs and move all at the same time AFAIKS.

CARP, similar to VRRP, works and fails over per its VHID group. As long as there is a heartbeat ongoing between master and backup, e.g. the backup receives a response from the master, the failover will not happen.

The "preempt" actually controls the fallback to the configured master. Meaning, if the master that is configured to be master comes back online, "preempt" makes sure the VIP moves back to it.


Reading the BSD docs, "preempt" here has an additional function as well.

Quote
failover all of the addresses running carp together, when one of the physical interfaces goes down. This is achieved by the use of the preempt option. Enable it on both hosts A and B:

        sysctl net.inet.carp.preempt=1

Assume that host A is the preferred master and we are running the 192.168.1.0/24 prefix on em0 and 192.168.2.0/24 on em1. This is the setup for host A (advskew is above 0 so it could be overwritten in the emergency situation from the other host):

        ifconfig em0 vhid 1 advskew 100 pass mekmitasdigoat 192.168.1.1/24
        ifconfig em1 vhid 2 advskew 100 pass mekmitasdigoat 192.168.2.1/24

The setup for host B is identical, but it has a higher advskew:

        ifconfig em0 vhid 1 advskew 200 pass mekmitasdigoat 192.168.1.1/24
        ifconfig em1 vhid 2 advskew 200 pass mekmitasdigoat 192.168.2.1/24

When one of the physical interfaces of host A fails, advskew is demoted to a configured value on all its carp vhids. Due to the preempt option, host B would start announcing itself, and thus preempt host A on both interfaces instead of just the failed one.

Do you have it properly configured?

Regards,
S.

Well, I believe if Disable Preempt is NOT checked, net.inet.carp.preempt=1 is set under the hood?
Have never seen any documentation instructing to set this yourself.

From a sysctl -a | grep "net.inet.carp" I can even see this:
net.inet.carp.preempt: 1

So that looks ok to me. But despite that, it's not working as expected as only the affected interface fails over.
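
One way to spot the split state discussed in this thread from a node's own `ifconfig` output, as an added example that is not part of any post above. The function names and the sample output are constructed for illustration; the interface names, vhids and addresses follow the quoted man page excerpt.

```shell
#!/bin/sh
# Added example: flag a node whose CARP vhids are not all in the same role.
# SAMPLE_IFCONFIG is constructed: LAN (em0) still MASTER, WAN (em1) link lost.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 vhid 1
        carp: MASTER vhid 1 advbase 1 advskew 100
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255 vhid 2
        carp: INIT vhid 2 advbase 1 advskew 100
        status: no carrier'

# Read ifconfig output on stdin; print "iface vhid state advskew" per CARP vhid.
carp_states() {
    awk '
        /^[^ \t]/     { iface = $1; sub(/:$/, "", iface) }  # unindented line starts an interface
        $1 == "carp:" { print iface, $4, $2, $8 }            # carp: STATE vhid N advbase N advskew N
    '
}

# Read ifconfig output on stdin; print one verdict for the whole node.
carp_verdict() {
    carp_states | awk '
        { seen[$3]++; n++ }
        END {
            if (n == 0)              { print "NO_CARP"; exit }
            if (seen["MASTER"] == n) { print "CONSISTENT MASTER"; exit }
            if (seen["BACKUP"] == n) { print "CONSISTENT BACKUP"; exit }
            print "SPLIT"   # mixed roles, or a vhid stuck in INIT
        }'
}

# Demonstration on the constructed sample. On the firewall itself, run:
#   ifconfig | carp_verdict
#   sysctl -n net.inet.carp.preempt
printf '%s\n' "$SAMPLE_IFCONFIG" | carp_states
printf '%s\n' "$SAMPLE_IFCONFIG" | carp_verdict
```

Running it on both nodes at the same moment shows whether the roles moved together: one node should report CONSISTENT MASTER and the other CONSISTENT BACKUP.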