Message-ID: <4224B078.9020301@seton.org>
Date: Tue, 01 Mar 2005 12:12:08 -0600
From: Matthew Grooms
To: Max Laier
cc: Gleb Smirnoff
cc: freebsd-pf@freebsd.org
In-Reply-To: <200502282326.41760.max@love2party.net>
Subject: Re: Fwd: pf + pfsync + carp testing ...

Thanks Max and Gleb. You have been a great help. The patch applied
cleanly and compiled fine. After configuring a few carp interfaces, they
seem to fail over well. I am curious though, is CARP designed to have
interfaces fail over individually or as a group? For example ...

box1 & box2
em0 -> carp0 -> External
em1 -> carp1 -> Internal
em2 -> carp2 -> DMZ

If box1 is master for all interfaces and then its em2 goes down, only
carp2 on box2 becomes master and assumes the service address? Box1 is
still master for carp0 and carp1. Doesn't this cause problems when
traffic passes in carp0 ( still master on box1 ) and needs to be
forwarded out carp2?

Also, when I configure a carp interface on the command line I do
something like ...

ifconfig carp0 create 192.168.253.1 \
    netmask 255.255.255.0 vhid 1 advskew 1

but when I place the equivalent line in rc.conf as ...

ifconfig_carp0="create 192.168.253.1 \
    netmask 255.255.255.0 vhid 1 advskew 1"

and reboot the box, it does not seem to take. Any suggestions?

Matthew Grooms
Network Engineer
Seton Healthcare Network
mgrooms@seton.org
(512) 324 9913

Max Laier wrote:
> On Monday 28 February 2005 22:54, Matthew Grooms wrote:
> <...>
>
>>Is the ifconfig change part of the patch located at ...
>>
>>http://people.freebsd.org/~glebius/totest/carp-RELENG_5-patch
>>
>>... as I have not applied it yet. I assumed the pfsync ifconfig changes
>>were already in the RELENG_5 branch. Did I make a poor assumption?
>
>
> Okay, looks like this is confusing. You are not to blame for this, Matthew!
>
> Here is a walkthrough for testing this:
> 0) Patch is located in your home directory. You should know what to fill in
>    for (anoncvs@... or /some/path).
> 1) Checkout a *clean* RELENG_5
>    $ cd /usr && rm -rf src && cvs -d co -rRELENG_5 src
> 2) Apply the patch:
>    $ cd /usr/src && patch -p0 < ~/carp-RELENG_5-patch
>    Note the -p0 to get new files.
> 3) Look for rejects:
>    $ find . -name \*.rej
> 4) Normal {build, install}{world, kernel} dance.
>
> Hope this helps.
>