For my external carp interface, both firewalls show master as status.
The config is below for reference:

/etc/hostname.carp0 on fw1

inet x.x.x.114 255.255.255.240 x.x.x.127 vhid 40 carpdev em2 pass password advskew 1
inet alias x.x.x.115 0xfffffff0
inet alias x.x.x.116 0xfffffff0

/etc/hostname.carp0 on fw2
inet x.x.x.114 255.255.255.240 x.x.x.127 vhid 40 carpdev em0 pass password advskew 128
inet alias x.x.x.115 0xfffffff0
inet alias x.x.x.116 0xfffffff0

On both firewalls I have added the following in /etc/pf.conf:

pass on { $ext_if $int_if } proto carp keep state (no-sync)

Did anyone already encounter this issue or has any idea what might be wrong?

Hard to tell without logs. Some things that come to mind:

- Do the two fw actually have a link on their carp0 carpdev interfaces? If both are master, both should be sending out CARP advertisements, so I'd try to run tcpdump on both external interfaces and look for those:
tcpdump -n -e -i carp0 proto carp

- Did you enable CARP preemption? Try setting these via sysctl:
net.inet.carp.preempt=1
net.inet.carp.log=3

- In your config one fw has carpdev em2, the other carpdev em0. Could be OK, or could be an error.
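
As an added example (not part of the original thread), a small sh script that compares the first line of each node's hostname.carp0: vhid and pass must be identical for the nodes to accept each other's advertisements, while carpdev and advskew may differ. The two sample lines are constructed from the config quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# FW1/FW2 are constructed from the first line of each hostname.carp0 above.
FW1='inet x.x.x.114 255.255.255.240 x.x.x.127 vhid 40 carpdev em2 pass password advskew 1'
FW2='inet x.x.x.114 255.255.255.240 x.x.x.127 vhid 40 carpdev em0 pass password advskew 128'

# carp_field LINE KEYWORD: print the word that follows KEYWORD in LINE.
carp_field() {
    printf '%s\n' "$1" | awk -v k="$2" '
        { for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# carp_compare LINE_A LINE_B: return 1 if a parameter that must match differs.
carp_compare() {
    rc=0
    for key in vhid pass; do
        a=$(carp_field "$1" "$key")
        b=$(carp_field "$2" "$key")
        if [ "$a" != "$b" ]; then
            # Do not echo the values: "pass" is a shared secret.
            echo "MISMATCH $key: differs between nodes, advertisements will be ignored"
            rc=1
        fi
    done
    # advskew sets the priority; the default is 0 when it is not given.
    a=$(carp_field "$1" advskew)
    b=$(carp_field "$2" advskew)
    if [ "${a:-0}" = "${b:-0}" ]; then
        echo "NOTE advskew is ${a:-0} on both nodes: no preferred master"
    fi
    # carpdev is the local NIC name, so a difference is only worth a look.
    a=$(carp_field "$1" carpdev)
    b=$(carp_field "$2" carpdev)
    if [ "$a" != "$b" ]; then
        echo "NOTE carpdev differs ($a vs $b): confirm each is that host's external NIC"
    fi
    return $rc
}

carp_compare "$FW1" "$FW2" && echo "vhid and pass match"
```
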

