FRR loads with wrong metric on HA backup instance

[alfrisch]

Hi,

we have a HA setup in which we wan to have FRR (OSPF) turned on on both master and backup instances, i.e. "Enable CARP Failover" in General settings is disabled. Instead we have "CARP demote" turned on in OSPF settings and set costs for interfaces 100 in promoted and 1000 in demoted state, respectively.

In this setup, we have experienced routing problems with both master and backup appearing as equivalent routes at other routers via OSPF after the OPNsense configuration gets synced every night via the cron job. Turns out that also reloading FRR service will set the interface costs on the backup instance to wrong values, which shows up in the metric of routes of directly attached interfaces being 100 instead of expected 1000.

Triggering a CARP switch over fixes the problem as FRR on both master and backup instances will load correct costs again. Also rebooting the backup instances fixes the problem.

Pushing the FRR service reload button or waiting for the next config sync will make the problem appear again.

It seems to us as if the reloading of FRR service does not check the actual CARP state and loads costs for the master setting in any case.

Can anyone confirm this behavior or are we doing something fundamentally wrong with our setup?

We are running OPNsense 25.10.1_2-amd64 and can provide FRR logs if required.

Thanks for your help!
Cheers, Albert

[Monviech (Cedrik)]

This was merged recently:

https://github.com/opnsense/plugins/pull/4712

Maybe it applies cleanly, you can try via:

Code Select Expand

opnsense-patch https://github.com/opnsense/plugins/commit/8015cbf4bd5ac0bd6cf4c3e6f8a0f292c8af96b9