nat1 will only preempt nat2 after a fail-over to nat2 if the "carp"
group and the "pfsync" group have the same demotion counter.
ifconfig -g carp
ifconfig -g pfsync
So if the failover which is happening for some "unknown reason" is
affecting the demotion counters in any way, preemption back to nat1 will
not happen until you normalise the carp and pfsync groups' demotion
counters, as you say.
Cheers, Andy.
On 02/10/14 10:24, Marko Cupać wrote:
Hi,
I have carp setup on two pairs of interfaces on our internal firewalls
that sit between private network and DMZ. The problem is that, for some
unknown reason, from time to time, carp fails over to nat2 (backup), and
does not revert to nat1 (master), until I manually carpdemote nat2.
If I understand carp well, my configuration should revert to master as
soon as it becomes available. If not, how can I achieve it?
Here's carp interfaces config:
nat1 (master):
pacija@nat1:~ $ sudo cat /etc/hostname.carp1
inet 192.168.225.6 255.255.255.248 192.168.225.7 \
vhid 1 pass mypass carpdev bnx0
pacija@nat1:~ $ sudo cat /etc/hostname.carp2
inet 193.53.106.32 255.255.255.0 193.53.106.255 \
vhid 2 pass mypass carpdev bnx1
inet alias 193.53.106.33 255.255.255.255
inet alias 193.53.106.34 255.255.255.255
inet alias 193.53.106.35 255.255.255.255
inet alias 193.53.106.36 255.255.255.255
inet alias 193.53.106.37 255.255.255.255
inet alias 193.53.106.38 255.255.255.255
inet alias 193.53.106.39 255.255.255.255
nat2 (backup):
pacija@nat2:~ $ sudo cat /etc/hostname.carp1
inet 192.168.225.6 255.255.255.248 192.168.225.7 \
vhid 1 advskew 100 pass mypass carpdev bnx0
pacija@nat2:~ $ sudo cat /etc/hostname.carp2
inet 193.53.106.32 255.255.255.0 193.53.106.255 \
vhid 2 advskew 100 pass mypass carpdev bnx1
inet alias 193.53.106.33 255.255.255.255
inet alias 193.53.106.34 255.255.255.255
inet alias 193.53.106.35 255.255.255.255
inet alias 193.53.106.36 255.255.255.255
inet alias 193.53.106.37 255.255.255.255
inet alias 193.53.106.38 255.255.255.255
inet alias 193.53.106.39 255.255.255.255