From: Giulio Ferro
Date: Mon, 09 Oct 2006 10:00:13 +0200
To: freebsd-cluster@freebsd.org
Subject: Problems with carp
Message-ID: <452A018D.8080602@zirakzigil.org>

I'm seeing some strange behaviour with carp in FreeBSD.
I have a simple redundant firewall configuration: each machine has three Realtek Gigabit network interfaces, one toward the Internet, one toward the LAN, and one toward each other with a cross cable for synchronization. The PCs have 2 GHz Celerons. The firewall software is pf, the OS is FreeBSD 6.2 prerel. (updated last Friday).

In the rules I have:

    pass quick proto carp
    pass quick proto pfsync

On the master firewall the redundant interfaces are set like this:

    ifconfig_carp0="vhid 1 pass /"
    ifconfig_carp1="vhid 2 pass /"

On the backup firewall:

    ifconfig_carp0="vhid 1 pass / advskew 100"
    ifconfig_carp1="vhid 2 pass / advskew 100"

As long as there is only one firewall everything works fine. When I start the backup firewall this unexplainably becomes the master, and the one which was master becomes backup!

Another strange behavior is that an ifconfig on firewall 2 will show the advskew of the LAN carp interface to be 0, not 100 (on the Internet if it's set correctly to 100). I have to set it manually to 100 to make it work. This configuration works fine, even if it's not what I want (I'd like the first firewall to be master).

Another problem comes out when I power down the second firewall. The first firewall becomes master again, BUT the common interface is lost. That is, if I try to ping the common IP from a machine on the LAN, it doesn't get any answer. Only the physical interface seems to work. Even an ifconfig carp0 arp doesn't do any good. I have to restart the firewall to make it work properly again.

Another problem is that the interfaces don't fail as a group. Of course I have

    net.inet.carp.preempt=1

but if I try to unplug a cable from firewall 2, that carp interface becomes INIT, but the other interface stays MASTER. Specularly on firewall 1 the corresponding carp interface becomes MASTER, but the other stays BACKUP. Result: nothing works any more...

I hope someone has some good ideas why this happens.
I hope this is the right place to ask these questions, but I couldn't find a carp-related mailing list...
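
A check for the two symptoms reported above (carp interfaces on one host ending up in different states, and an advskew that differs from the configured value), as an added example that is not part of the original message. It assumes the FreeBSD 6.x `ifconfig` line format `carp: STATE vhid N advbase N advskew N`; the function names, the sample addresses and the choice of which interface shows the wrong advskew are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes the FreeBSD 6.x
# ifconfig line format "carp: STATE vhid N advbase N advskew N".

# carp_states: ifconfig output on stdin -> "iface state vhid advskew" lines.
carp_states() {
    awk '
        /^[a-z]+[0-9]+: / { iface = $1; sub(/:$/, "", iface) }
        $1 == "carp:" {
            skew = "?"
            for (i = 2; i < NF; i++) if ($i == "advskew") skew = $(i + 1)
            print iface, $2, $4, skew
        }'
}

# carp_check WANT: exit 0 only if every carp interface is in the same state
# and shows advskew WANT; otherwise print what is wrong and exit 1.
carp_check() {
    carp_states | awk -v want="$1" '
        { seen[$2] = 1 }
        $4 != want { print "advskew mismatch: " $0; bad = 1 }
        END {
            n = 0
            for (s in seen) n++
            if (n > 1) { print "carp interfaces are in different states"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: backup firewall with one cable unplugged (INIT on one
# carp interface, MASTER on the other) and advskew 0 where 100 was configured.
sample_backup() {
    cat <<'EOF'
carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
	inet 192.0.2.1 netmask 0xffffff00
	carp: INIT vhid 1 advbase 1 advskew 100
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
	inet 198.51.100.1 netmask 0xffffff00
	carp: MASTER vhid 2 advbase 1 advskew 0
EOF
}

sample_backup | carp_check 100 || echo "carp check failed"
```

On a live firewall the input would be `ifconfig | carp_check 100` on the backup, and `carp_check 0` on the master, where no advskew is configured and the default of 0 applies.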