Bug #7858
closed
CARP and preemption
0%
Description
There is a pending ticket related or close to the CARP preemption behavior:
https://redmine.pfsense.org/issues/4845
specifically in case of VMs.
The CARP creators have thought to the preemption feature, namely that if one
adapter protected by CARP redundancy fails on the elected MASTER host, the MASTER releases / demotes
a group of CARP protected adapters.
https://www.openbsd.org/faq/pf/carp.html#failover
On PFsense version 2.3.4_1 for amd64 on physical boxes, the kernel parameter
net.inet.carp.preempt=1 produces no effect in a classical topology with 2 redundant
firewalls with protected LAN / WAN / DMZ adapters.
1) Initially, all adapters are MASTER on host1.
2) When one adapter fails on host1 (e.g. LAN), only this adapter is switched to host2
I suggest to implement a simple preemption option: if one protected CARP adapter fails on a given MASTER host, this host demotes all its adapters. This is maybe very simple approach, but better than losing subnet reachability.
Updated by Jim Pingle over 6 years ago
- Status changed from New to Not a Bug
If you unplug an adapter (or mark it down in the hypervisor -- NOT at the OS level) then CARP will preempt, the primary demotes itself, and then all VIPs failover to the secondary host, which becomes master.
If you aren't seeing this, then the flaw is in your testing or a misunderstanding of how preemption works. Other cases are covered by the existing ticket.
Updated by Phil Keep over 6 years ago
Hello Jim,
I'm using 2 physical boxes. I'm not using VMs.
Cheers Phil.
Updated by Phil Keep over 6 years ago
Hello Jim,
I've retried the testing by disconnecting a network cable, and yes the preemption works.
Sorry for this useless ticket.
You can close or delete this ticket.
Cheers Phil.