Hi all, I have a pair of firewalls using carp between them in front of some servers. Works really nice.

Today, however, I got an edge case on the firewalls. Firewall one was not accessible, and I couldn't access any firewall behind it. Getting into firewall 2 directly, I found that firewall 1's internal interface was up, but the external was unreachable. I checked the carp interfaces and found that firewall 2 was advertising as master on the external interface, but as backup on the internal interface. SSHing over to firewall 1 on the dedicated cross-over carp link, I found that firewall 1 was also advertising master on the external interface and master on the internal interface. Firewall 1 could not ping past its external interface, though the network layer was up. Due to this, carp on firewall 1 did not think it was down, and so seemed to be ignoring the pre-emption being attempted by firewall 2. So I ended up having packets going into firewall 2, but then trying to get out through firewall 1. Both firewalls have the preempt option set in sysctl.conf.

Manually failing firewall 1 did the trick and firewall 2 took over master on external and internal and all is good now. We are still resolving why firewall 1 can't get out to the Internet; might be a specific routing or ACL problem on the switch it is connected to, might be a hardware problem, not sure yet.

However, the question I have is how do others deal with this? I was thinking a cron entry that periodically checks for connectivity both ways and sets the carp state to backup if the checks fail, but this sounds a bit off the cuff and hackish and could be prone to a race condition or ending up setting BOTH firewalls to backup at the same time... not so good I am thinking. So needed is some sort of heartbeat. In this case, carp didn't see anything wrong (interface was up, link was good, traffic being received... just no route anywhere and every packet sent got blackholed). A bit of googling around didn't turn up anything obvious. Any ideas?

Mikel
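One way to build the upstream heartbeat the post asks about, written as an added example (not the poster's script, and not from any CARP implementation). The script pings a few next hops beyond the external interface, counts consecutive failed rounds so a single lost ping does not flap the pair, and before demoting itself asks the peer over the cross-over link whether the peer still has an upstream path; if neither side can reach upstream it holds rather than demoting, which is what prevents the "both firewalls backup" outcome the post worries about. Everything configurable is an assumption: the 192.0.2.x / 198.51.100.x targets are constructed TEST-NET addresses, "peer-fw" is a placeholder hostname, the script path on the peer is hypothetical, and the demote/undemote commands use OpenBSD's carp demotion-counter syntax (substitute your platform's equivalent if it differs).

```shell
#!/bin/sh
# carp-heartbeat.sh (added example, not from the original post):
# demote this firewall's CARP interfaces when the path beyond the external
# interface is dead even though the link is up, but only while the peer
# still has an upstream path, so both nodes never end up as backup at once.
#
# Hypothetical settings, adjust for your own setup:
UPSTREAM_TARGETS="${UPSTREAM_TARGETS:-192.0.2.1 198.51.100.1}"   # constructed TEST-NET next hops
FAIL_THRESHOLD="${FAIL_THRESHOLD:-3}"                            # failed rounds before demoting
STATE_FILE="${STATE_FILE:-/var/db/carp-heartbeat.count}"
DEMOTE_CMD="${DEMOTE_CMD:-ifconfig -g carp carpdemote 50}"      # OpenBSD syntax (assumption)
UNDEMOTE_CMD="${UNDEMOTE_CMD:-ifconfig -g carp -carpdemote 50}"
# Ask the peer, over the cross-over link, to run this script in probe mode.
PEER_PROBE_CMD="${PEER_PROBE_CMD:-ssh -o ConnectTimeout=3 peer-fw /usr/local/sbin/carp-heartbeat.sh probe}"

log() { logger -t carp-heartbeat "$*" 2>/dev/null || echo "carp-heartbeat: $*" >&2; }

# probe_target: one ping to a target; exit 0 if it answered.
probe_target() { ping -c 1 "$1" >/dev/null 2>&1; }

# count_reachable: how many of the space-separated targets in $1 answered.
count_reachable() {
    n=0
    for t in $1; do
        probe_target "$t" && n=$((n + 1))
    done
    echo "$n"
}

# next_fail_count: $1 = targets that answered this round, $2 = previous count.
# Any reply resets the counter; a round with no replies increments it.
next_fail_count() {
    if [ "$1" -gt 0 ]; then echo 0; else echo $(( $2 + 1 )); fi
}

# decide_action: $1 = consecutive failed rounds, $2 = 1 if the peer has upstream.
#   ok     - not failed long enough yet
#   demote - upstream dead here, peer fine: let the peer take master
#   hold   - upstream dead on both sides: demoting would only move the black hole
decide_action() {
    if [ "$1" -lt "$FAIL_THRESHOLD" ]; then echo ok
    elif [ "$2" -eq 1 ]; then echo demote
    else echo hold
    fi
}

peer_has_upstream() { sh -c "$PEER_PROBE_CMD" >/dev/null 2>&1; }

read_count() {
    c=""
    [ -r "$STATE_FILE" ] && c=$(cat "$STATE_FILE")
    echo "${c:-0}"
}
write_count() { echo "$1" > "$STATE_FILE"; }

main() {
    prev=$(read_count)
    reachable=$(count_reachable "$UPSTREAM_TARGETS")
    count=$(next_fail_count "$reachable" "$prev")
    write_count "$count"
    if [ "$count" -eq 0 ]; then
        # Upstream answers again: lift our own demotion if we applied one.
        if [ -e "$STATE_FILE.demoted" ]; then
            log "upstream reachable again: clearing demotion"
            sh -c "$UNDEMOTE_CMD" && rm -f "$STATE_FILE.demoted"
        fi
        return 0
    fi
    if peer_has_upstream; then peer=1; else peer=0; fi
    case "$(decide_action "$count" "$peer")" in
        demote)
            if [ ! -e "$STATE_FILE.demoted" ]; then
                log "upstream unreachable for $count rounds, peer healthy: demoting"
                sh -c "$DEMOTE_CMD" && : > "$STATE_FILE.demoted"
            fi ;;
        hold)
            log "upstream unreachable here and on peer: holding current state" ;;
    esac
}

# "run" is what cron invokes every minute; "probe" is what the peer calls
# over the cross-over link and exits 0 only if some upstream target answered.
case "${1:-}" in
    run)   main ;;
    probe) [ "$(count_reachable "$UPSTREAM_TARGETS")" -gt 0 ] ;;
esac
```

Run it as root from cron on both nodes (for example once a minute with `carp-heartbeat.sh run`). Because the probe questions the peer rather than trusting link state, a node whose external interface is up but blackholed, exactly the situation above, gets demoted while the peer is still reachable and routing, and the demotion is lifted automatically once its own pings succeed again. The peer check and the consecutive-failure threshold together are what keep the race the post describes from turning into both nodes demoting at once.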

