Date: Mon, 09 Oct 2006 10:00:13 +0200
From: Giulio Ferro <auryn@zirakzigil.org>
To: freebsd-cluster@freebsd.org
Subject: Problems with carp
Message-ID: <452A018D.8080602@zirakzigil.org>

I'm seeing some strange behaviour with carp in FreeBSD.

I have a simple redundant firewall configuration: each machine has three Realtek Gigabit network interfaces, one toward the Internet, one toward the LAN, and one toward each other with a cross cable for synchronization. The PCs have 2 GHz Celerons. The firewall software is pf, the OS is FreeBSD 6.2 prerel. (updated last Friday).

In the rules I have:

    pass quick proto carp
    pass quick proto pfsync

On the master firewall the redundant interfaces are set like this:

    ifconfig_carp0="vhid 1 pass <password> <common external ip>/<mask>"
    ifconfig_carp1="vhid 2 pass <password> <common internal ip>/<mask>"

On the backup firewall:

    ifconfig_carp0="vhid 1 pass <password> <common external ip>/<mask> advskew 100"
    ifconfig_carp1="vhid 2 pass <password> <common internal ip>/<mask> advskew 100"

As long as there is only one firewall everything works fine. When I start the backup firewall, this unexplainably becomes the master, and the one which was master becomes backup!

Another strange behaviour is that an ifconfig on firewall 2 will show the advskew of the LAN carp interface to be 0, not 100 (on the Internet if it's set correctly to 100). I have to set it manually to 100 to make it work. This configuration works fine, even if it's not what I want (I'd like the first firewall to be master).

Another problem comes out when I power down the second firewall. The first firewall becomes master again, BUT the common interface is lost. That is, if I try to ping the common IP from a machine on the LAN, it doesn't get any answer. Only the physical interface seems to work. Even an

    ifconfig carp0 arp

doesn't do any good. I have to restart the firewall to make it work properly again.

Another problem is that the interfaces don't fail as a group. Of course I have

    net.inet.carp.preempt=1

but if I try to unplug a cable from firewall 2, that carp interface becomes INIT, but the other interface stays MASTER. Specularly, on firewall 1 the corresponding carp interface becomes MASTER, but the other stays BACKUP. Result: nothing works any more...

I hope someone has some good ideas why this happens. I hope this is the right place to ask these questions, but I couldn't find a carp-related mailing list...
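
The two symptoms reported above (an advskew that differs from the configured value, and carp interfaces on one host ending up in different states) can be checked mechanically; the following is an added example, not part of the original message. It assumes ifconfig prints a `carp: STATE vhid N advbase N advskew N` line under each carpN interface; the function names `carp_audit` and `sample_fw2` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit carp state from ifconfig-style text on stdin.
# Usage: ifconfig | carp_audit EXPECTED_ADVSKEW
# Prints one finding per line and prints nothing when the host is consistent:
#   SKEW  <if> advskew=<seen> expected=<wanted>   advskew differs from config
#   SPLIT <if>=<state> ...                        interfaces disagree on state
carp_audit() {
    awk -v want="$1" '
        # Interface header line, e.g. "carp0: flags=..."
        /^carp[0-9]+:/ { ifname = $1; sub(/:$/, "", ifname) }
        # Status line, e.g. "carp: MASTER vhid 1 advbase 1 advskew 0"
        $1 == "carp:" {
            state = $2
            skew = ""
            for (i = 3; i < NF; i++)
                if ($i == "advskew") skew = $(i + 1)
            states[state]++
            if (skew != want)
                printf "SKEW %s advskew=%s expected=%s\n", ifname, skew, want
            detail = detail " " ifname "=" state
        }
        END {
            distinct = 0
            for (s in states) distinct++
            # More than one distinct state means the group did not fail over together.
            if (distinct > 1) printf "SPLIT%s\n", detail
        }
    '
}

# Constructed sample: the backup firewall after one cable is unplugged,
# with the LAN carp interface showing advskew 0 instead of the configured 100.
sample_fw2() {
    cat <<'EOF'
carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
    inet 192.0.2.1 netmask 0xffffff00
    carp: INIT vhid 1 advbase 1 advskew 100
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
    inet 198.51.100.1 netmask 0xffffff00
    carp: MASTER vhid 2 advbase 1 advskew 0
EOF
}

sample_fw2 | carp_audit 100
```

On a live host the same function would be fed from `ifconfig` directly, with the advskew value taken from that host's rc.conf.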