Solved CARP preemption not working (FreeBSD 11.0)

I'm trying to set up a pair of FreeBSD 11.0 machines as a redundant pair of routers with failover provided by CARP and PFSync.

A slightly simplified version of what I'm doing:
  • 2 machines - "Router A" and "Router B"
  • Each machine has 3 interfaces - One dedicated to PFSync, another has a single CARP alias and a single non-CARP IP, the third has a single non-CARP IP and several CARP aliases.
  • All CARP aliases on Router A have an advskew of 0, all CARP aliases on Router B have an advskew of 100.
Currently the basic CARP functionality works - If the master outright fails, all IPs on the backup machine become the master. However, if only one of the physical interfaces on the master machine is taken down (either by bringing it down with ifconfig or by physically unplugging it), the backup machine will become the master for that specific interface however the aliases on the other physical interface will stay set as a backup.

What I am trying to achieve is to have it so that if a single interface fails on, say Router A, Router B should become the master for ALL aliases on ALL physical interfaces. In other words, there should not be a situation where one machine is the master for some aliases and the backup for others.

Looking at the OpenBSD documentation here: https://www.openbsd.org/faq/pf/carp.html it states that the "net.inet.carp.preempt" option can be enabled and that this "enables failing over a group of interfaces together in the event that one interface goes down." I've enabled this option but this does not happen. The documentation also states that this option will "Allow hosts within a redundancy group that have a better advbase and advskew to preempt the master." This also does not happen, if I bring down Router A (with the lower advskew) so that Router B becomes the master, then bring Router A back, Router A will come up as a backup for all aliases and Router B will continue to be the master. This second part doesn't particularly bother me since in this situation I don't care which router is the master, it just needs to be the master for ALL aliases even if only one has failed however this makes me think that the preempt option isn't doing anything at all.

Happy to provide more information if required.

Thanks,
Cameron
 
Resolved it, complete PEBKAC! I had left one of the interfaces that has a CARP alias on both machines physically unplugged, D'OH!
 
Back
Top