3 ping packet loss on CARP failover from Master -> Slave, fine failing back

[iMiMx]

Have HA setup and working well, however I noticed that when failing from Master -> Slave by enabling persistent carp maintenance mode, 3 pings are lost (state is synced fine, ssh sessions remain etc). When failing back from Slave -> Master everything is fine, no loss.

I ran a quick Google and it turned up the below, from pfSense:

https://forum.netgate.com/topic/123871/carp-master-manual-switch-introduces-packet-loss

The suggested workaround there seems to fix the problem. Executing the below on the master causes traffic to shift to the slave with 0 ping loss:

sysctl net.inet.carp.demotion 240

Is this a known/accepted issue?

[AdSchellevis]

You can alter the demotion factor while in maintenance, the option sets the advskew on the interface, but there might be a small glitch (I'm not 100% sure)

core/src/etc/inc/interfaces.inc

Lines 1685 to 1687 in 2c61e06

	$carp_maintenancemode = isset($config["virtualip_carp_maintenancemode"]);
	if ($carp_maintenancemode) {
	$advskew = "advskew 254";

[iMiMx]

By the time I've entered maintenance, the loss has already happened though? Or am I missing something? :)

• Click CARP maintenance
• 3 ping loss
• Fail over completes successfully with state, etc
• Reboot master
• Exit CARP Maintenance
• Fail back 0 ping loss

If instead:

• sysctl net.inet.carp.demotion=240
• 0 ping loss
• Fail over has happened
• Reboot master
• Preempt fail back
• Fail back 0 ping loss

[AdSchellevis]

yes, your sysctl net.inet.carp.demotion=240 adds the amount to advskew, which is functionally the same, but the ifconfig might loose a packet when setting advskew.

Difference is after reboot, it falls back, persistent mode keeps the advskew. It would be more fluent if persistent first would set net.inet.carp.demotion and kept the advskew for the next boot.

[iMiMx]

Surely this should be classified as a bug then? Or is the 3 packet loss accepted as part of the current HA implementation?

[AdSchellevis]

a feature request sure, a bug is debatable.

[mimugmail]

I'd like to verify this on some systems before any changes are done. Are you sure your default demotions are good?

[AdSchellevis]

@mimugmail thank you!

[iMiMx]

@mimugmail as far as I can tell, no errors in the logs, sessions aren't lost etc.

[fichtner]

@mimugmail ping :)

[mimugmail]

This week only homeoffice, sorry. I also have to hunt the 3 seconds timer when unplugging a cable from LACP bundle (someone an idea?). Next Wednesday I can test this.

Sorry for delay :/

[fichtner]

No worries, just curious about the state :)

[mimugmail]

@AdSchellevis I can confirm that there's no packet loss when demoting to 240.
Only thing is that in status page you'll get the warning

CARP has detected a problem and this unit has been demoted to BACKUP status.
Check link status on all interfaces with configured CARP VIPs.

Which doesn't happen when setting to mnt mode manually. Might confuse users .. perhaps you know the impact better than me :)

[AdSchellevis]

@mimugmail I think you're looking for 0e9912c

[mimugmail]

Best code in town, works great! :)

[fichtner]

Adding it to 19.1.8, thanks!