Bug #7858
closed
CARP and preemption
Description
There is a pending ticket related or close to the CARP preemption behavior:
https://redmine.pfsense.org/issues/4845
specifically in the case of VMs.
The CARP creators have thought of the preemption feature, namely that if one adapter protected by CARP redundancy fails on the elected MASTER host, the MASTER releases / demotes a group of CARP-protected adapters.
https://www.openbsd.org/faq/pf/carp.html#failover
On pfSense version 2.3.4_1 for amd64 on physical boxes, the kernel parameter net.inet.carp.preempt=1 produces no effect in a classical topology with 2 redundant firewalls with protected LAN / WAN / DMZ adapters.
1) Initially, all adapters are MASTER on host1.
2) When one adapter fails on host1 (e.g. LAN), only this adapter is switched to host2.
I suggest implementing a simple preemption option: if one protected CARP adapter fails on a given MASTER host, this host demotes all its adapters. This is maybe a very simple approach, but better than losing subnet reachability.
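The partial failover described in steps 1) and 2) can be detected on a host by checking whether its CARP VHIDs disagree on state. The following is an added example, not part of the ticket or of pfSense; it assumes the `carp: STATE vhid N ...` line format printed by FreeBSD `ifconfig`, and the interface names, VHIDs and sample output are constructed.

```shell
#!/bin/sh
# Added example: flag a "split" CARP state on one firewall, i.e. some VHIDs
# still MASTER while others are BACKUP or INIT (the situation in step 2).

# Reads ifconfig-style text on stdin. Prints "<iface> vhid <n> <state>" per
# VHID, then a verdict line. Exit status: 0 = consistent, 1 = split.
carp_split_state() {
    awk '
        # Interface header line, e.g. "em0: flags=8943<...> metric 0 mtu 1500"
        /^[a-zA-Z0-9_.]+: flags=/ { iface = $1; sub(/:$/, "", iface) }
        # CARP line, e.g. "carp: MASTER vhid 1 advbase 1 advskew 0"
        $1 == "carp:" && $3 == "vhid" {
            printf "%s vhid %s %s\n", iface, $4, $2
            seen[$2]++
        }
        END {
            if (seen["MASTER"] > 0 && (seen["BACKUP"] > 0 || seen["INIT"] > 0)) {
                print "SPLIT"
                exit 1
            }
            print "CONSISTENT"
        }
    '
}

# Constructed sample: host1 after its LAN adapter (em1) has failed, while
# WAN (em0) and DMZ (em2) remain MASTER.
SAMPLE_SPLIT='em0: flags=8943<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: MASTER vhid 1 advbase 1 advskew 0
em1: flags=8803<UP,BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: INIT vhid 2 advbase 1 advskew 0
em2: flags=8943<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: MASTER vhid 3 advbase 1 advskew 0'

# Constructed sample: host1 in the initial state, all adapters MASTER.
SAMPLE_OK='em0: flags=8943<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: MASTER vhid 1 advbase 1 advskew 0
em1: flags=8943<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: MASTER vhid 2 advbase 1 advskew 0'

# Demo on the constructed split sample; on a live host use: ifconfig | carp_split_state
printf '%s\n' "$SAMPLE_SPLIT" | carp_split_state || true
```

A monitoring job can alert on the non-zero exit status, since a split state means the peer now owns only part of the protected subnets.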