CARP Status¶
The CARP status page is a part of the pfSense® software GUI at Status > CARP (failover). This page shows the current status of all configured CARP Virtual IP addresses. The page also provides troubleshooting and maintenance controls.
CARP Maintenance Controls¶
The top section of the page contains buttons to manage the CARP behavior of this node.
Warning
After changing the enable/disable status or maintenance mode, it may take a few moments for a node to completely take over the MASTER status on all VIPs.
After clicking one of the buttons the page may refresh before this process is complete. To ensure the status is accurate, wait a few moments and manually reload the page by clicking the page title in the breadcrumb bar.
Enable/Disable CARP¶
The first button toggles the enable/disable status of CARP temporarily, and will have one of two labels depending on the current status:
- Temporarily Disable CARP
When CARP is active this button will temporarily disable CARP and remove the CARP VIP configuration from the operating system.
If this is the primary node, the secondary node will take over the MASTER role when the process completes.
This setting is not retained across reboots. If CARP is temporarily disabled and the firewall reboots, CARP will be active after the reboot.
- Enable CARP
When CARP is disabled this button will enable CARP and reconfigure the CARP VIPs on the interfaces.
If this is the primary node it will take over the MASTER role when the process completes.
Maintenance Mode¶
The next button toggles CARP maintenance mode. In maintenance mode the VIP
configuration remains on the interfaces and a node participating in CARP demotes
itself naturally by increasing the advertising frequency skew of its VIPs to the
maximum value, 254. This allows other CARP nodes to take over the MASTER
role naturally.
For example, the secondary node typically has a skew of 100. If the primary
node enters maintenance mode, the secondary node now has a lower skew (100
is less than 254) and the secondary node will assume the MASTER role as
it will be advertising faster than the demoted primary node.
Maintenance mode persists across reboots so it can ensure that a node does not take back over prematurely before it is ready. This makes it useful for performing upgrades or other maintenance on the primary node.
The button has one of two labels depending on the current status:
- Enter Persistent CARP Maintenance Mode
Sets the skew of all VIPs to
254and sets the maintenance mode flag in the firewall configuration. If this flag is present in the configuration at boot time, the node will remain in maintenance mode.- Leave Persistent CARP Maintenance Mode
Sets the skew of all VIPs to the value specified in the VIP configuration and clears the maintenance mode flag in the firewall configuration.
Warning
If all nodes in a cluster are in maintenance mode, the result is unpredictable as they will all be using the same skew value. Only put one node in a cluster into maintenance mode at a time.
Reset Demotion Status¶
The system keeps track of a demotion value which can change based on the status
of interfaces with CARP VIPs. For example, if an interface with a CARP VIP is
down, the system increases the demotion value by 240 and it adds that value
internally to the VIP skews. This allows a node to automatically demote itself
when it detects a problem. When an interface recovers it decreases the demotion
value by the same amount.
When the demotion status is non-zero the status page displays a warning box at
the top explaining that the demotion status may be incorrect with a button to
reset the value. This Reset CARP Demotion Status button resets the demotion
value back to the default of 0.
Warning
Before resetting this value check all interfaces to ensure there is not an ongoing problem that needs resolved first. Resetting the demotion status while there is a problem could result in the demotion status becoming incorrect again when that problem is corrected.
Fixing the underlying problem will naturally correct the demotion value.
In rare cases a node may have a problem properly setting or clearing its own demotion status after processing interface events, and that is the only time the button should be used to return to a working status.
CARP Status¶
The CARP Status table includes entries for each CARP VIP configured on the firewall and also shows IP Alias VIPs which use a CARP VIP as a parent.
Each entry contains the following information:
- Interface and VHID
The interface and VHID for a given CARP VIP entry.
For example, a CARP VIP on WAN with a VHID of
11will be listed asWAN@11.- Virtual IP Addresses
The IP addresses associated with the CARP VIP. This includes the CARP VIP itself as well as any IP alias type VIPs which utilize this CARP VIP as a parent.
- Status
The Status column shows one of the following status strings:
- MASTER
Indicates this node is accepting all traffic for this VIP
- BACKUP
Indicates this node is monitoring CARP advertisements and not accepting traffic for the VIP.
- INIT or blank
Generally indicates a problem with the VIP. Either the VIP is not configured at the OS level, the interface upon which it is configured is down, or the interface has a problem.
When operating normally the primary node should show each VIP in MASTER status. On the secondary node each VIP should show BACKUP for the status.
If both nodes show MASTER there is usually a problem at layer 2 (the switch) preventing the nodes from seeing advertisements from the other node.
See also
See Troubleshooting High Availability for help troubleshooting CARP.
State Synchronization Status / pfsync Nodes¶
The bottom section of the page contains a list of state creator host IDs.
On current versions of pfSense software the default ID for a host is the last 8 characters of its NDI, but there is an option to set a specfic custom ID (See Filter Host ID). On previous versions the default behavior was to generate a randomized value on every filter reload.
When a cluster is configured for state synchronization each node should see states created by IDs from other nodes in this list, indicating that they are properly synchronizing state table data.
There can be some slight differences in the list depending on timing (e.g. when changing the host ID to a custom value) but the list should be nearly identical on all nodes.