From: Xin LI
Date: Thu, 16 Jul 2009 12:31:28 -0700
Message-ID: <4A5F8010.7050504@delphij.net>
Organization: The FreeBSD Project
To: Ian FREISLICH
Cc: FreeBSD Current, d@delphij.net
Subject: Re: CARP broken on -CURRENT?
References: <4A5F7540.7070201@delphij.net> <4A5EF889.6040604@delphij.net>

Ian FREISLICH wrote:
> Xin LI wrote:
>> Ian FREISLICH wrote:
>> [...]
>>> I have noticed that if there are multiple IP addresses on the carp
>>> interface and these are configured in a different order on each
>>> host, then you can expect messages like the following:
>>>
>>> Jun 9 23:56:29 firewall2 kernel: carp15: incorrect hash
>>> Jun 9 23:56:30 firewall2 kernel: carp15: incorrect hash
>>> Jun 9 23:56:31 firewall2 kernel: carp15: incorrect hash
>>> Jun 9 23:56:32 firewall2 kernel: carp15: incorrect hash
>>>
>>> And both hosts will claim MASTER status.
>> This reminded me... I've set net.inet.carp.log=2 now but except some
>> bad CARP packets on the outside (12.xxx.xxx.112/28) network due to VRRP
>> router, I didn't see any complaint about incorrect hash. Are you using
>> "pass" parameter when setting up CARP?
>
> Yes, I use pass. There are many untrusted hosts on my network.
>
> Taking another look at the manual page, I think that the behaviour
> you're seeing is expected. Try setting advbase to the same on all
> vhids on both hosts. Use advskew to set a preference for one of
> your servers. Use advbase to determine how quickly a failure will
> be detected.
>
> To use carp, the administrator needs to configure at minimum
> a common virtual host ID (VHID) and virtual host IP address
> on each machine which is to take part in the virtual group.
> Additional parameters can also be set on a per-interface basis:
> advbase and advskew, which are used to control how frequently
> the host sends advertisements when it is the master for a
> virtual host, and pass which is used to authenticate carp
> advertisements.

Um... In order to narrow this down I have removed the advbase setting from
both servers (now they use the default number, 1) but seems no luck.

I have further checked netstat -s, it seems that only the CARP packets
with bad length (which are really VRRP packets) are being counted into
the "received" packets, and were all discarded (of course).

I've manually put these interfaces down and will check back to see if
there is some clue in our code in the afternoon.

Jul 16 12:22:58 gate2 kernel: carp0: INIT -> BACKUP
Jul 16 12:22:58 gate2 kernel: carp1: INIT -> BACKUP
Jul 16 12:22:58 gate2 kernel: carp0: link state changed to DOWN
Jul 16 12:22:58 gate2 kernel: carp1: link state changed to DOWN
Jul 16 12:22:58 gate2 kernel: carp2: INIT -> BACKUP
Jul 16 12:22:58 gate2 kernel: carp3: INIT -> BACKUP
Jul 16 12:22:58 gate2 kernel: carp2: 2 link states coalesced
Jul 16 12:22:58 gate2 kernel: carp2: link state changed to DOWN
Jul 16 12:22:58 gate2 kernel: carp3: 2 link states coalesced
Jul 16 12:22:58 gate2 kernel: carp3: link state changed to DOWN
Jul 16 12:22:58 gate2 kernel: carp2: link state changed to DOWN
Jul 16 12:22:58 gate2 kernel: carp3: link state changed to DOWN
Jul 16 12:22:58 gate2 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:23:01 gate2 kernel: carp1: link state changed to UP
Jul 16 12:23:01 gate2 kernel: carp0: link state changed to UP
Jul 16 12:23:01 gate2 kernel: carp2: INIT -> BACKUP
Jul 16 12:23:01 gate2 kernel: carp3: INIT -> BACKUP
Jul 16 12:23:01 gate2 kernel: carp2: link state changed to DOWN
Jul 16 12:23:01 gate2 kernel: carp3: link state changed to DOWN
Jul 16 12:23:01 gate2 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:23:04 gate2 kernel: carp3: link state changed to UP
Jul 16 12:23:04 gate2 kernel: carp2: link state changed to UP
Jul 16 12:23:05 gate2 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:23:09 gate2 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0

=====

Jul 16 12:22:55 gate1 kernel: carp2: INIT -> BACKUP
Jul 16 12:22:55 gate1 kernel: carp3: INIT -> BACKUP
Jul 16 12:22:55 gate1 kernel: carp2: link state changed to DOWN
Jul 16 12:22:55 gate1 kernel: carp3: link state changed to DOWN
Jul 16 12:22:56 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:22:58 gate1 kernel: carp2: link state changed to UP
Jul 16 12:22:58 gate1 kernel: carp3: link state changed to UP
Jul 16 12:22:59 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:23:01 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:23:20 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:23:21 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:23:24 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:23:25 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:23:41 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:24:01 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:24:21 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0
Jul 16 12:24:32 gate1 kernel: carp_input: received len 20 < sizeof(struct carp_header) on em0

-- 
Xin LI    http://www.delphij.net/
FreeBSD - The Power to Serve!
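
Added example, not part of the original message and not FreeBSD's own code: a C model of why the VRRP packets mentioned above are logged as "received len 20 < sizeof(struct carp_header)". CARP and VRRP share IP protocol 112 and the same version/type byte, so the length is what separates them here. The struct is modelled on struct carp_header; the function names, the VRRP heuristic and the sample packet are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Field layout modelled on struct carp_header (netinet/ip_carp.h). */
struct carp_hdr {
    uint8_t  ver_type;    /* version in high nibble, type in low nibble */
    uint8_t  vhid, advskew, authlen, pad1, advbase;
    uint16_t cksum;
    uint32_t counter[2];  /* replay counter */
    uint8_t  md[20];      /* SHA-1 HMAC keyed with the "pass" value */
};
_Static_assert(sizeof(struct carp_hdr) == 36, "unexpected padding");

enum p112 { P112_SHORT, P112_CARP_SIZED };

/* VRRPv2 advertisement (RFC 3768): 8-byte header, 4 bytes per address,
 * 8 bytes of authentication data. */
size_t vrrp2_adv_len(unsigned naddrs) { return 8 + 4 * (size_t)naddrs + 8; }

/* The length test behind the "received len N < sizeof(struct carp_header)"
 * log line: anything shorter than a CARP header is dropped. */
enum p112 classify_proto112(size_t len) {
    return len < sizeof(struct carp_hdr) ? P112_SHORT : P112_CARP_SIZED;
}

/* Heuristic (assumption of this example): version 2, type 1, and a length
 * that matches the address count field means a VRRPv2 advertisement. */
int looks_like_vrrp2(const uint8_t *p, size_t len) {
    if (len < 8 || (p[0] >> 4) != 2 || (p[0] & 0x0f) != 1)
        return 0;
    return len == vrrp2_adv_len(p[3]);
}

/* Constructed sample: VRID 1, priority 100, one address (192.0.2.1),
 * checksum left as zero because it is not verified here. */
const uint8_t sample_vrrp[20] = {
    0x21, 1, 100, 1, 0, 1, 0, 0,  192, 0, 2, 1,  0, 0, 0, 0, 0, 0, 0, 0
};

int main(void) {
    size_t len = sizeof(sample_vrrp);
    printf("len %zu: %s for CARP, VRRPv2-shaped: %s\n", len,
           classify_proto112(len) == P112_SHORT ? "too short" : "long enough",
           looks_like_vrrp2(sample_vrrp, len) ? "yes" : "no");
    return 0;
}
```

A VRRPv2 advertisement carrying a single address is exactly 20 bytes, which matches the length in the log lines and is 16 bytes short of the 36-byte CARP header.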