Date:      Wed, 27 Mar 2013 14:23:58 -0700
From:      Freddie Cash <fjwcash@gmail.com>
To:        FreeBSD-Current <freebsd-current@freebsd.org>
Subject:   Re: CARP will not relinquish master state on one interface
Message-ID:  <CAOjFWZ6iV2iPyMMbY3iRPvbCcwQWT-Svd1z%2B%2BcP1nFzd3pTyWA@mail.gmail.com>
In-Reply-To: <CAOjFWZ4%2BEi4c=uNi1yfw4hxhh3%2B_r5NDd3ZgtqGFbjFMcUeDtw@mail.gmail.com>
References:  <CAOjFWZ4%2BEi4c=uNi1yfw4hxhh3%2B_r5NDd3ZgtqGFbjFMcUeDtw@mail.gmail.com>

Figured it out.  :(

Was an IPFW rule.  Seems the following two rules block CARP traffic:

# Check for spoofed packets
# Anti-spoof rules
# These do roughly the same things:
#   verrevpath checks all incoming packets to see if the source IP matches any route on that interface
#   antispoof  checks all incoming packets to make sure the source IP is not listed in a network of another interface
$ipfw add 30 deny log ip from any to any not verrevpath in recv $if_public
$ipfw add 40 deny log ip from any to any not antispoof  in recv $if_public

Removing those two rules on both boxes makes em0 fail-over correctly
between the two.



On Wed, Mar 27, 2013 at 2:02 PM, Freddie Cash <fjwcash@gmail.com> wrote:

> Two systems running identical hardware and software (one system actually
> rsync'd from the other).  Running 10-CURRENT just after the new CARP
> implementation went in:
>
> FreeBSD nexus2.sd73.bc.ca 10.0-CURRENT FreeBSD 10.0-CURRENT #1 r245195:
> Thu Jan 10 10:29:16 PST 2013     root@nexus2.sd73.bc.ca:/usr/obj/usr/src/sys/NEXUS
> i386
>
> Each box has 2 interfaces configured:
>   em0 is part of an untagged vlan
>   em1 is part of 8 tagged vlans
>
> The tagged vlan interfaces work correctly on both boxes, and CARP switches
> back and forth between MASTER and BACKUP correctly, whether it be via
> unplugging the network cable or via "ifconfig ... state" changes.
>
> The untagged vlan on both boxes will not relinquish MASTER status.  If
> both boxes are up, both em0 interfaces are up, then both boxes configure
> the vhid as MASTER and nasty things happen to our traffic.
>
> The network configuration is:
>
> [remote site]------fibre link--------[fibre switch]----------[carp box1]--------[internet]
> [remote site]------fibre link----------/            \------------[carp box 2]-------/
> [remote site]------fibre link---------/
>
> The fibre links to the fibre switch are on untagged vlans; the link from
> the switch to each carp box is a tagged vlan trunk.  And the link from each
> carp box to the Internet router is an untagged vlan.
>
> If only box1 is online, everything works correctly.
>
> If only box2 is online, everything works correctly.
>
> If both boxes are online, everything on em1 works correctly, and em0 shows
> MASTER on both boxes.
>
> If both boxes are online but em0 is down on 1 (either) box, everything
> works correctly.
>
> Running "tcpdump -n -i em0 -T carp | grep CARP" on both boxes shows the
> CARPv2 traffic from both boxes, with the correct vhid, advbase, advskew for
> each box.  But the logs on box2 show "master down".
>
> I'm at a loss as to what to try next.  Everything works for all the vlan
> interfaces on em1.  But nothing I've tried works for em0.  Within 2 seconds
> of the link showing UP, it becomes MASTER.  On both boxes.
>
> --
> Freddie Cash
> fjwcash@gmail.com
>



-- 
Freddie Cash
fjwcash@gmail.com
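
An added example, not part of the original message: a check over `ipfw list`-style output that reports verrevpath/antispoof deny rules not preceded by a rule passing CARP on the same interface, for keeping the anti-spoof rules instead of removing them. The rule listings are constructed; that `$if_public` is em0, that rule 25 (hypothetical) is enough to restore fail-over, and the function name are assumptions.

```shell
#!/bin/sh
# Constructed listing: the two rules from the message, with $if_public
# assumed to be em0, as `ipfw list` would print them.
RULES_BEFORE='00030 deny log ip from any to any not verrevpath in recv em0
00040 deny log ip from any to any not antispoof in recv em0'

# Same listing with a hypothetical rule 25 that passes CARP first.
RULES_AFTER="00025 allow carp from any to any in recv em0
$RULES_BEFORE"

# Reads a rule listing on stdin and prints the number of every
# verrevpath/antispoof deny rule for interface $1 that no earlier rule
# exempts CARP (IP protocol 112) from. First-match order only; skipto,
# rule sets and tables are not modelled.
unexempted_antispoof() {
    awk -v ifc="$1" '
        # Protocol token of the rule, skipping "log [logamount N]".
        function proto(   i) {
            i = 3
            if ($i == "log") { i++; if ($i == "logamount") i += 2 }
            return $i
        }
        # True if the rule names this interface, or names none at all.
        function on_if(   i) {
            for (i = 1; i <= NF; i++)
                if ($i == "recv" || $i == "via")
                    return ($(i + 1) == ifc)
            return 1
        }
        ($2 == "allow" || $2 == "pass" || $2 == "permit" || $2 == "accept") &&
        (proto() == "carp" || proto() == "112") && on_if() { exempt = 1; next }
        $2 == "deny" && /not (verrevpath|antispoof)/ && on_if() && !exempt {
            print $1 + 0
        }
    '
}

echo "rules that can drop CARP on em0, original ruleset:"
printf '%s\n' "$RULES_BEFORE" | unexempted_antispoof em0
echo "with the CARP exemption placed first:"
printf '%s\n' "$RULES_AFTER" | unexempted_antispoof em0
```

On a live system the input would come from `ipfw list`; because rules 30 and 40 carry `log`, the packets they deny are also logged by ipfw.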


