CARP stability issues are often due to not being able to send or
receive CARP protocol messages properly across networks A and B, and/or
not being able to send or receive pfsync protocol messages across the
crossover cable between the firewalls.
pass out quick proto carp keep state (no-sync) set prio 7
pass quick proto carp from { fe80::/10 } to { ff00::/8 } keep state (no-sync)
pass quick proto carp from { $all_carpv4_ips } keep state (no-sync)
pass quick on { $if_pfsync_dev } proto pfsync keep state (no-sync)
$all_carpv4_ips = is set to all of the physical v4 IPs on all of the
physical interfaces.
$if_pfsync_dev = em5 (our crossover cable connecting the two firewalls)
/etc/sysctl.conf;
net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
net.inet.carp.log=3 # log level of carp(4) info, default 2
Cheers, Andy.
On Thu 20 Feb 2014 10:49:34 GMT, Janne Johansson wrote:
The sysctl for carp preempt sounds like what you are looking for.
2014-02-20 11:24 GMT+01:00 Kim Zeitler <[email protected]>:
Hello,
I have recently stumbled over a problem with a CARP router setup.
The routers have 2 carped interfaces, one for network A and B respectively.
We had the scenario that Router1 was Master for A and Backup for B,
Router2 Backup A and Master B. A manual demote managed to get one router
to be Master on A and B.
Is there a possibility to join the CARP state of 2 interfaces i.e. both
Master or both Backup, no mix?
Thanks in advance
Kim Zeitler
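
Added example, not part of the original thread: a POSIX sh check for the mixed state described in the question (MASTER on one carp interface, BACKUP on another), usable from a monitoring job. The ifconfig text is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ifconfig carp` output from a router in the split
# state from the thread: MASTER on network A, BACKUP on network B.
sample_split() {
cat <<'EOF'
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
        status: master
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev em1 vhid 2 advbase 1 advskew 0
        status: backup
EOF
}

# carp_roles (hypothetical helper): read ifconfig output on stdin and
# print one "<interface> <STATE>" line per carp interface.
carp_roles() {
    awk '
        /^[a-z]+[0-9]+:/ { ifname = $1; sub(/:$/, "", ifname) }
        $1 == "carp:" && $2 ~ /^(MASTER|BACKUP|INIT)$/ { print ifname, $2 }
    '
}

# carp_consistency (hypothetical helper): summarise the roles on stdin.
#   "consistent <STATE>"  exit 0  every carp interface is in the same state
#   "split <if=STATE...>" exit 1  mixed roles, the situation in the question
#   "none"                exit 2  no carp interfaces found in the input
carp_consistency() {
    carp_roles | awk '
        { roles[$2]++; list = list (NR > 1 ? " " : "") $1 "=" $2; last = $2; n++ }
        END {
            if (n == 0) { print "none"; exit 2 }
            k = 0
            for (r in roles) k++
            if (k == 1) { print "consistent " last; exit 0 }
            print "split " list
            exit 1
        }
    '
}

# On a live firewall (assumes the interfaces are in the "carp" group):
#   ifconfig carp | carp_consistency || logger -t carp-check "carp roles are split"
```

A split result on a pair that has net.inet.carp.preempt=1 set is a reason to look at the CARP and pfsync pass rules first, as the reply above suggests.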