> Traffic shouldn't even be getting OUT on the backup in this situation.
i agree - there is no correct solution without using an ip addr for each real interface. would be nice to for example use an external ntp server to sync with, but unless it uses another route (rather than ip-less carp'd interface), it cannot (without dodgy work-arounds).
