Hi,

I have changed my CARP failover setup from the default multicast to unicast by introducing the carppeer config option. The physical interfaces share a /29 subnet with the upstream ISP, and the IP addressing is as follows:

ISP:     XX.XXX.XXX.121/29
FW1:     XX.XXX.XXX.122/29
FW2:     XX.XXX.XXX.123/29
FW_CARP: XX.XXX.XXX.124/29

I am announcing my AS to the ISP via BGP from both FW1 and FW2, using match rules to set $FW_CARP as the nexthop address:

    match to $ISP set nexthop $FW_CARP

After introducing the carppeer option I see incoming traffic on the physical interfaces of both the MASTER and BACKUP firewalls, as opposed to the situation without the carppeer option, where I see incoming traffic on the physical interface of the MASTER only.

Here's hostname.carp3 of both firewalls:

FW2 (MASTER):

    inet XX.XXX.XXX.124 255.255.255.248 NONE \
            description ISP-CARP \
            advskew 0 \
            carpdev bge3 \
            carppeer XX.XX.XXX.122 \
            pass -OfCourseIChangedThis \
            vhid 3

FW1 (BACKUP):

    inet XX.XXX.XXX.124 255.255.255.248 NONE \
            description ISP-CARP \
            advskew 100 \
            carpdev em1 \
            carppeer XX.XXX.XXX.123 \
            pass -OfCourseIChangedThis \
            vhid 3

Is this the intended behaviour? Or am I doing something wrong?

By the way, I am moving to unicast CARP primarily because I heard that OSPF sessions in GRE tunnels that terminate on unicast CARP interfaces survive failovers, as opposed to my tests with default multicast CARP where OSPF gets confused after failover. I couldn't find much info on this, and I would be thankful if someone pointed me where to look or shared their experiences.

Thank you in advance,

--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/