Re: [pfSense] CARP Demotion Not Working
But think of the time you would have wasted instead. Just trading a little pride for time. Seems like a good deal most times. On Nov 3, 2017, 15:02, at 15:02, Andrew Kester wrote: >Actually, it looks like Node B was indeed in maintenance mode. Setting > >it back to normal seems to have resolved the problem. > >(That always seems to happen: send mail to a mailing list and it's >something silly on my end) > >--- >Thanks! > >Andrew Kester >The Storehouse >https://sthse.co > >On 11/3/17 11:23 AM, Steve Yates wrote: >> Are you using the "enter persistent maintenance mode" here? I'm >trying to remember when I looked at this a couple years ago but overall >if we shut down node A, node B takes over, and when A boots up it >becomes Master again. However if I enter maintenance mode first >(forcing B to Master) then B stays as Master after A comes up again. >> >> I have seen the occasional situation where we exit maintenance mode >and the IPv6 CARP WAN IP ends up with *both* routers showing as Master, >but at that point I restart node B and it clears out (we have CARP IPs >for two LANs and a WAN, and both IPv4 and IPv6, on two virtualized >routers). >> >> -- >> >> Steve Yates >> ITS, Inc. >> >> -Original Message- >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of >Andrew Kester >> Sent: Friday, November 3, 2017 10:49 AM >> To: list@lists.pfsense.org >> Subject: Re: [pfSense] CARP Demotion Not Working >> >> An update on this, if the master node is rebooted during a failure, >the >> secondary node takes cover correctly and remains the master as would >be >> expected. >> >> This makes me think that the priority is set correctly but the second >> node for some reason isn't honoring the advskew set by the master >correctly. >> >> To illustrate what I mean- >> >> --- >> | Node A | Node B | >> --- >> | M M| B B| Normal, Node A is master on all CARP IP's >> | M X| B M| Failure, incorrect though. Node B should be >master. >> | - -| M M| Node A Offline, B takes over as master correctly >> | B X| M M| After restart, correct behavior. Node B is >master. >> --- >> M - Master >> X - Down >> B - Backup >> >> I've also ran through the CARP troubleshooting guide here to no >avail. >> https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting >> >> Let me know if you need more information or clarification, I'm not >sure >> the best way to illustrate / communicate my problem. >> >> --- >> Thanks, >> >> Andrew Kester >> The Storehouse >> https://sthse.co >> >> On 11/1/17 3:30 PM, Andrew Kester wrote: >>> Hi List, >>> >>> I'm having an issue with CARP preempt. I have two pfSense machines >>> running 2.4.1-RELEASE. CARP fails over all individual IPs >correctly, >>> but doesn't preempt correctly in the case of a single failure. >>> >>> On both machines, I've checked that net.inet.carp.preempt is >enabled. >>> The master appears to be detecting the demotion, as it sets >>> net.inet.carp.demotion to 240 during a failure, but ifconfig still >>> reports advskew as 0. >>> >>> I'm not 100% sure if that number should update, or if the demotion >>> number is added to the advskew reported by ifconfig. >>> >>> Relevent sysctl, ifconfig, and log output taken from the master >firewall >>> during a failure is attached. >>> >>> Any help is greatly appreciated! >>> >>> --- >>> Thanks, >>> >>> Andrew Kester >>> The Storehouse >>> https://sthse.co >>> >>> >>> ___ >>> pfSense mailing list >>> https://lists.pfsense.org/mailman/listinfo/list >>> Support the project with Gold! https://pfsense.org/gold >>> >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> >___ >pfSense mailing list >https://lists.pfsense.org/mailman/listinfo/list >Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] CARP Demotion Not Working
Actually, it looks like Node B was indeed in maintenance mode. Setting it back to normal seems to have resolved the problem. (That always seems to happen: send mail to a mailing list and it's something silly on my end) --- Thanks! Andrew Kester The Storehouse https://sthse.co On 11/3/17 11:23 AM, Steve Yates wrote: Are you using the "enter persistent maintenance mode" here? I'm trying to remember when I looked at this a couple years ago but overall if we shut down node A, node B takes over, and when A boots up it becomes Master again. However if I enter maintenance mode first (forcing B to Master) then B stays as Master after A comes up again. I have seen the occasional situation where we exit maintenance mode and the IPv6 CARP WAN IP ends up with *both* routers showing as Master, but at that point I restart node B and it clears out (we have CARP IPs for two LANs and a WAN, and both IPv4 and IPv6, on two virtualized routers). -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Andrew Kester Sent: Friday, November 3, 2017 10:49 AM To: list@lists.pfsense.org Subject: Re: [pfSense] CARP Demotion Not Working An update on this, if the master node is rebooted during a failure, the secondary node takes cover correctly and remains the master as would be expected. This makes me think that the priority is set correctly but the second node for some reason isn't honoring the advskew set by the master correctly. To illustrate what I mean- --- | Node A | Node B | --- | M M| B B| Normal, Node A is master on all CARP IP's | M X| B M| Failure, incorrect though. Node B should be master. | - -| M M| Node A Offline, B takes over as master correctly | B X| M M| After restart, correct behavior. Node B is master. --- M - Master X - Down B - Backup I've also ran through the CARP troubleshooting guide here to no avail. https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting Let me know if you need more information or clarification, I'm not sure the best way to illustrate / communicate my problem. --- Thanks, Andrew Kester The Storehouse https://sthse.co On 11/1/17 3:30 PM, Andrew Kester wrote: Hi List, I'm having an issue with CARP preempt. I have two pfSense machines running 2.4.1-RELEASE. CARP fails over all individual IPs correctly, but doesn't preempt correctly in the case of a single failure. On both machines, I've checked that net.inet.carp.preempt is enabled. The master appears to be detecting the demotion, as it sets net.inet.carp.demotion to 240 during a failure, but ifconfig still reports advskew as 0. I'm not 100% sure if that number should update, or if the demotion number is added to the advskew reported by ifconfig. Relevent sysctl, ifconfig, and log output taken from the master firewall during a failure is attached. Any help is greatly appreciated! --- Thanks, Andrew Kester The Storehouse https://sthse.co ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] CARP Demotion Not Working
Are you using the "enter persistent maintenance mode" here? I'm trying to remember when I looked at this a couple years ago but overall if we shut down node A, node B takes over, and when A boots up it becomes Master again. However if I enter maintenance mode first (forcing B to Master) then B stays as Master after A comes up again. I have seen the occasional situation where we exit maintenance mode and the IPv6 CARP WAN IP ends up with *both* routers showing as Master, but at that point I restart node B and it clears out (we have CARP IPs for two LANs and a WAN, and both IPv4 and IPv6, on two virtualized routers). -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Andrew Kester Sent: Friday, November 3, 2017 10:49 AM To: list@lists.pfsense.org Subject: Re: [pfSense] CARP Demotion Not Working An update on this, if the master node is rebooted during a failure, the secondary node takes cover correctly and remains the master as would be expected. This makes me think that the priority is set correctly but the second node for some reason isn't honoring the advskew set by the master correctly. To illustrate what I mean- --- | Node A | Node B | --- | M M| B B| Normal, Node A is master on all CARP IP's | M X| B M| Failure, incorrect though. Node B should be master. | - -| M M| Node A Offline, B takes over as master correctly | B X| M M| After restart, correct behavior. Node B is master. --- M - Master X - Down B - Backup I've also ran through the CARP troubleshooting guide here to no avail. https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting Let me know if you need more information or clarification, I'm not sure the best way to illustrate / communicate my problem. --- Thanks, Andrew Kester The Storehouse https://sthse.co On 11/1/17 3:30 PM, Andrew Kester wrote: > Hi List, > > I'm having an issue with CARP preempt. I have two pfSense machines > running 2.4.1-RELEASE. CARP fails over all individual IPs correctly, > but doesn't preempt correctly in the case of a single failure. > > On both machines, I've checked that net.inet.carp.preempt is enabled. > The master appears to be detecting the demotion, as it sets > net.inet.carp.demotion to 240 during a failure, but ifconfig still > reports advskew as 0. > > I'm not 100% sure if that number should update, or if the demotion > number is added to the advskew reported by ifconfig. > > Relevent sysctl, ifconfig, and log output taken from the master firewall > during a failure is attached. > > Any help is greatly appreciated! > > --- > Thanks, > > Andrew Kester > The Storehouse > https://sthse.co > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] CARP Demotion Not Working
An update on this, if the master node is rebooted during a failure, the secondary node takes cover correctly and remains the master as would be expected. This makes me think that the priority is set correctly but the second node for some reason isn't honoring the advskew set by the master correctly. To illustrate what I mean- --- | Node A | Node B | --- | M M| B B| Normal, Node A is master on all CARP IP's | M X| B M| Failure, incorrect though. Node B should be master. | - -| M M| Node A Offline, B takes over as master correctly | B X| M M| After restart, correct behavior. Node B is master. --- M - Master X - Down B - Backup I've also ran through the CARP troubleshooting guide here to no avail. https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting Let me know if you need more information or clarification, I'm not sure the best way to illustrate / communicate my problem. --- Thanks, Andrew Kester The Storehouse https://sthse.co On 11/1/17 3:30 PM, Andrew Kester wrote: Hi List, I'm having an issue with CARP preempt. I have two pfSense machines running 2.4.1-RELEASE. CARP fails over all individual IPs correctly, but doesn't preempt correctly in the case of a single failure. On both machines, I've checked that net.inet.carp.preempt is enabled. The master appears to be detecting the demotion, as it sets net.inet.carp.demotion to 240 during a failure, but ifconfig still reports advskew as 0. I'm not 100% sure if that number should update, or if the demotion number is added to the advskew reported by ifconfig. Relevent sysctl, ifconfig, and log output taken from the master firewall during a failure is attached. Any help is greatly appreciated! --- Thanks, Andrew Kester The Storehouse https://sthse.co ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] CARP Demotion Not Working
Hi List, I'm having an issue with CARP preempt. I have two pfSense machines running 2.4.1-RELEASE. CARP fails over all individual IPs correctly, but doesn't preempt correctly in the case of a single failure. On both machines, I've checked that net.inet.carp.preempt is enabled. The master appears to be detecting the demotion, as it sets net.inet.carp.demotion to 240 during a failure, but ifconfig still reports advskew as 0. I'm not 100% sure if that number should update, or if the demotion number is added to the advskew reported by ifconfig. Relevent sysctl, ifconfig, and log output taken from the master firewall during a failure is attached. Any help is greatly appreciated! --- Thanks, Andrew Kester The Storehouse https://sthse.co em0: flags=8943 metric 0 mtu 1500 options=209b ether 3e:4c:88:b9:f1:39 hwaddr 3e:4c:88:b9:f1:39 inet6 fe80::3c4c:88ff:feb9:f139%em0 prefixlen 64 scopeid 0x1 inet [...] netmask 0xfc00 broadcast [...] inet [...] netmask 0xfc00 broadcast [...] vhid 2 inet [...] netmask 0xfc00 broadcast [...] vhid 3 inet [...] netmask 0xfc00 broadcast [...] vhid 4 nd6 options=21 media: Ethernet autoselect (1000baseT ) status: active carp: MASTER vhid 2 advbase 1 advskew 0 carp: MASTER vhid 3 advbase 1 advskew 0 carp: MASTER vhid 4 advbase 1 advskew 0Nov 1 15:15:38 check_reload_status Carp backup event Nov 1 15:15:38 kernel carp: 6@em4: MASTER -> INIT (hardware interface down) Nov 1 15:15:38 kernel carp: demoted by 240 to 240 (interface down) Nov 1 15:15:38 kernel em4: link state changed to DOWN Nov 1 15:15:38 check_reload_status Linkup starting em4 Nov 1 15:15:39 php-fpm 861 /rc.carpbackup: HA cluster member “([…]@em4): (OFFICE)" has resumed CARP state "BACKUP" for vhid 6 Nov 1 15:15:39 php-fpm 861 /rc.linkup: Hotplug event detected for OFFICE(opt3) static IP ([…]) Nov 1 15:15:39 check_reload_status Reloading filternet.inet.carp.ifdown_demotion_factor: 240 net.inet.carp.senderr_demotion_factor: 0 net.inet.carp.demotion: 240 net.inet.carp.log: 1 net.inet.carp.preempt: 1 net.inet.carp.allow: 1 net.pfsync.carp_demotion_factor: 0___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold