Strange Behaviour in OPNsense HA Cluster

Started by notc, July 10, 2025, 12:36:45 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 10, 2025, 12:36:45 PM
Hi all,

we have a OPNsense HA Cluster with 2 nodes. The HA and Virtual IPs are configured as recommended. Both Nodes are synchronizing their states via the same VLAN 101_CARP, dedicated to only do the sync. One Node got the .252 (Master) and the other the .253 (Backup). For the Virtual IPs every Node has the same Interface structure with the .252 on the Master and .253 on the Backup for every Interface and the .254 on both Nodes as the Virtual IP.

So here are my questions to some strange behaviours that i could observe in the past (fyi we are keeping the firmware up to date, so this behaviour exists quite some time).

1. We are using unicast to sync the states and when synchronizing my Config from the Master to the Backup Node, to be exact the Virtual IPs it sometimes happens that on the Master Node some CARP Virtual IPs are going to the state "disabled" and some are going to the state "master" on the Backup Node. --> This is often fixed if i restart the Master Node, but why is it this way? In some other threads i read that you shouldnt synchronize your CARP VIPs when using Unicast to Perform your sync thoughts about that?

2. When the Failover happens for example with the maintenance mode all interfaces switch directly to Backup except 1 interface that stays master for like 5 minutes and then also switches to backup. That means i got 1 interface that is master on both Nodes for a certain time.

3. When rebooting the backup Node it sometimes happens that following message is shown:
"CARP has detected a problem and this unit has been demoted to BACKUP status. Check link status on all interfaces with configured CARP VIPS"
This is fixed when i activate the maintenance mode and leave it immediately afterwards.

4. Why are the pfsync nodes not cleaning up themselves or how long does it take to do so, because after every reboot the host get a new hostid and it takes weeks for them to be cleaned up

All these things dont happen constantly and im thankful to every answer i get to any of my questions
Print
Go Up Pages1
User actions