FRR loads with wrong metric on HA backup instance

Started by alfrisch, January 09, 2026, 05:11:36 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 09, 2026, 05:11:36 PM Last Edit: January 09, 2026, 05:16:07 PM by alfrisch
Hi,

we have a HA setup in which we wan to have FRR (OSPF) turned on on both master and backup instances, i.e. "Enable CARP Failover" in General settings is disabled. Instead we have "CARP demote" turned on in OSPF settings and set costs for interfaces 100 in promoted and 1000 in demoted state, respectively.

In this setup, we have experienced routing problems with both master and backup appearing as equivalent routes at other routers via OSPF after the OPNsense configuration gets synced every night via the cron job. Turns out that also reloading FRR service will set the interface costs on the backup instance to wrong values, which shows up in the metric of routes of directly attached interfaces being 100 instead of expected 1000.

Triggering a CARP switch over fixes the problem as FRR on both master and backup instances will load correct costs again. Also rebooting the backup instances fixes the problem.

Pushing the FRR service reload button or waiting for the next config sync will make the problem appear again.

It seems to us as if the reloading of FRR service does not check the actual CARP state and loads costs for the master setting in any case.

Can anyone confirm this behavior or are we doing something fundamentally wrong with our setup?

We are running OPNsense 25.10.1_2-amd64 and can provide FRR logs if required.

Thanks for your help!
Cheers, Albert
January 09, 2026, 06:26:29 PM #1
This was merged recently:

https://github.com/opnsense/plugins/pull/4712

Maybe it applies cleanly, you can try via:

Code Select
opnsense-patch https://github.com/opnsense/plugins/commit/8015cbf4bd5ac0bd6cf4c3e6f8a0f292c8af96b9
Hardware:
DEC740
Today at 11:26:46 AM #2 Last Edit: Today at 11:31:50 AM by alfrisch
thanks for pointing me to the patch!

I tried it and the `carp_event_handler` script seems to do it's job, but it is only triggered on reload, while FRR will carry out a restart when clicking the service restart button in the UI and when the HA config sync is triggered.

Am I missing a follow-up patch here?
Today at 11:41:13 AM #3 Last Edit: Today at 11:43:04 AM by Monviech (Cedrik)
Without knowing the full picture you can try to add this to the start action as well?

https://github.com/opnsense/plugins/blob/6ef3face701b8226e1a7109aff6ec428dbb04b21/net/frr/src/opnsense/service/conf/actions.d/actions_quagga.conf#L21

You can find that file in:

/usr/local/opnsense/service/conf/actions.d/actions_quagga.conf

Code Select
command:/usr/local/etc/rc.d/frr start; /usr/local/opnsense/scripts/frr/carp_event_handler
Right now there is no follow up patch, if there is any issue please write in the original PR if the above still needs to be fixed, link your forum post.
Hardware:
DEC740
Today at 03:37:47 PM #4
OK great, I just added it to the restart event and mentioned so in the PR
Today at 03:53:25 PM #5
Thanks, I think this would be it?

https://github.com/opnsense/plugins/pull/5132
Hardware:
DEC740
Print
Go Up Pages1
User actions