Hey everybody, I'm experiencing problems with CARP after upgrading to 6.3, it was working fine between my two servers in 6.2 but after upgrading (first backup and then master) I have a ping package loss on about 20%.
It seem like the backup server tries to take the master, cause it's the only one changing the states. When it changes state the symptoms is: one package is dropped (ping), and it switches back to backup. I haven't changed anything, carp-config or PF, except the upgrade to 6.3. It works if i shutdown the master, then Backup takes over fine and gives back to master when it gets up, but when it's just running in backup, it switches back and fourth. I have tried tcpdumping and looking at my pfsync0 but I can't find the problem. I have tried to write my CARP settings again in hostname.carp* on both servers, check if pfsync0 is on the same interface and IP-range on both servers, checked my PF and everything, but can't find the problem... It does it across all 6 CARP's, so it looks like it's missing a hardbeat or something once in a while. I also tried switching from multicast to unicast, in case my ISP (running Juniper equipment) have activated something on the WAN side, but it didn't change my experience - but since it also happens on my LAN I didn't really expect this to be the problem. # Server 1 My /etc/hostname.* for CARP's and pfsync + host adaptor: https://pastebin.com/vrtuPqnQ My /etc/pf.conf: https://pastebin.com/yhVkG4x4 # Server 2 My /etc/hostname.* for CARP's and pfsync + host adaptor: https://pastebin.com/a7fuM923 My /etc/pf.conf: https://pastebin.com/xNr1TtZ7 Any help or pointers would be fantastic. I have struggled with this for a week now and I'm running out of idears - the only solution I have right now is turning off the backup server. $ uname -a OpenBSD BSD-firewall01.static.semarkit.net 6.3 GENERIC.MP#107 amd64 Both servers is running on a KVM host running Debian Stretch with ZFS-for- Linux and they haven't been touched either since it got installed, neither before, under or after the problems started. em0 is passed through the host and running all the VLAN and CARP things, while em1 (pfsync0) is a crossed connection between the two host servers not connected to the outside world or switch. If you need any other information on anything in the setup, please feel free to ask, I'm really annoyed by this, since it has worked and now it don't, and I can't figure out why or what I have missed. The only thing I haven't tried yet is to install a couple of new server and reproduce the problem. Sorry for a really long post! And to the people receiving this message for the second time, I'm really sorry to, but had some problems with my DMARC settings. -- Med Venlig Hilsen / Best Regards Henrik Dige Semark
