I'm going to start a new thread since I think this is a different issue.
I have a rule to allow all IPv4 from PFSYNC net to PFSYNC net. That
network is on a VLAN with only those two interfaces on it.
The failover and fail back works fine on all five CARP
interfaces/aliases if router1 is shut down, it enters CARP maintenance mode,
etc.
I think this is a bug that if the CARP skew setting syncs, something
happens to the backup so it has a blank Status and no longer considers itself
the Backup for that interface, and therefore failover does not happen.
(enabling CARP maintenance mode on router1 sets only the other four interfaces
to Backup status and the broken one remains Master).
Interesting to note, the breakage happens immediately upon editing the
router1 skew, before Apply Changes are clicked on router1. And, when router2's
CARP alias is in that state, setting the skew on router1 back to 0 does not
sync over to router2; its skew stays at 101. It's as if the link is broken.
--
Steve Yates
ITS, Inc.
ED Fochler wrote on Tue, Mar 24 2015 at 9:55 am:
> Steve,
> I have explicit multicast, network to network, and proto PFSYNC allow
> rules on my dedicated CARP interface, which MAY be unnecessary. And I
> remember the skew number being very picky, working correctly only in the 0 &
> 100 setting. At some point my CARP interfaces stopped getting out of sync, so
> I stopped troubleshooting.
>
> I do have 1 IP dedicated to each device + the CARP IP on each subnet and a
> dedicated direct cable between routers for CARP & sync traffic. My hardware
> is real, not virtual, so I hope that isn't what's hurting you. Good luck.
>
> ED.
>
>> On 2015, Mar 24, at 12:40 AM, Steve Yates <st...@teamits.com> wrote:
>>
>> I am not sure this is related but it is weird/bad...I got around to
>> setting
> the skew back to 0 for all CARP IPs on router1. pfSense (2.2.1) syncs the
> change to router2 so those skews change from 101 to 100. However
> afterwards router1 shows all five as Status of Master, and router2 shows all
> five with a blank Status. I must edit each of the five, save (without making
> changes) and only once changes are Applied the Status shows as Backup. That
> sounds like a configuration sync bug? I did see this when setting the skew
> from
> 0 to 1 earlier today and passed it off as I was clicking around a lot, but it
> seems
> to be repeatable.
>>
>> --
>> Steve
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
