Project

General

Profile

Actions
Copy link

Bug #8100

open

pfsync deletes states on primary for connections established through secondary

Added by Chris Linstruth over 7 years ago. Updated 19 days ago.

Status:
New
Priority:
Normal
Assignee:
Luiz Souza
Category:
CARP
Target version:
CE-Next
Start date:
11/15/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

Steps to duplicate:

Create a typical HA pair.
Enter Persistent CARP Maintenance Mode on Primary to initiate a fail over.
Establish a new TCP session. Was tested here with a long scp transfer to an outside server from an inside host.
Observe states created on both nodes with traffic going through Secondary.
Leave Persistent CARP Maintenance Mode on Primary, initiating fail back.
Observe states deleted from Primary but still exist on Secondary. Traffic in TCP session stalls.
Enter Persistent CARP Maintenance Mode on Primary to initiate a fail over. Wait for TCP session to start passing traffic again.
Observe states recreated on Primary.
Fail back and fail over again at will. States will now persist until closed.

Condition does not exist if states are initially established while Primary is the CARP MASTER.

Tested with latest 2.4.2 snapshots.

Files

Download all files
pfsync-primary.cap (1.88 MB) pfsync-primary.cap Chris Linstruth, 11/15/2017 04:20 PM
pfsync-secondary.cap (1.9 MB) pfsync-secondary.cap Chris Linstruth, 11/15/2017 04:20 PM
Actions
Copy link
 #1

Updated by Chris Linstruth over 7 years ago

Attached complete pcaps of sync interfaces.

Actions
Copy link
 #2

Updated by Jim Pingle over 7 years ago

  • Target version changed from 2.4.2 to 2.4.3
Actions
Copy link
 #3

Updated by Anonymous over 7 years ago

  • Assignee set to Jim Pingle
Actions
Copy link
 #4

Updated by Anonymous over 7 years ago

  • Assignee changed from Jim Pingle to Luiz Souza
  • Target version changed from 2.4.3 to 2.4.4
Actions
Copy link
 #5

Updated by Anonymous almost 7 years ago

  • Target version changed from 2.4.4 to 48
Actions
Copy link
 #6

Updated by Jim Pingle over 6 years ago

  • Target version changed from 48 to 2.5.0
Actions
Copy link
 #7

Updated by Chris Linstruth over 5 years ago

Verified still occurs on 12.1-STABLE/2.5.0.

Actions
Copy link
 #8

Updated by Anonymous almost 5 years ago

  • Target version changed from 2.5.0 to CE-Next
Actions
Copy link
 #9

Updated by Viktor Gurov over 3 years ago

See #12702

Actions
Copy link
 #10

Updated by Chris Linstruth 19 days ago

  • Subject changed from pfsync Initially Deletes States on Primary for Connections Established through Secondary to pfsync Deletes States on Primary for Connections Established through Secondary

This defect still exists in pfSense Plus 25.07. States created when the secondary is the MASTER node are removed from the primary's state table when failing back to the primary. This breaks the client's connections, requiring reestablishment by the client.

Current testing shows that, when failing back to the secondary and generating traffic through the states, the states are recreated on the primary but when failing back to the primary the states vanish and traffic does not flow.

This only appears to be true for states created while the secondary is the MASTER node.

A simple SSH session into LAN and out WAN was used to test. Persistent, should stay connected through failover and fail back, and is easy to test and identify in the state table.

Actions
Copy link
 #11

Updated by Chris Linstruth 19 days ago

  • Subject changed from pfsync Deletes States on Primary for Connections Established through Secondary to pfsync deletes states on primary for connections established through secondary
Actions
Copy link

Also available in: Atom PDF