Date: Wed, 1 Mar 2017 11:58:13 +1100 From: Aristedes Maniatis <ari@ish.com.au> To: freebsd-stable <freebsd-stable@freebsd.org> Subject: CARP forcing failover Message-ID: <cceefde6-5bef-0900-3f0a-e84b161c8ef4@ish.com.au>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --FIB0n9UMiQ5g87f9oRhhxrnjCxN3q7B45 Content-Type: multipart/mixed; boundary="dW0clSgju8NbpbR1wrbSTgcd6eJHkklb6"; protected-headers="v1" From: Aristedes Maniatis <ari@ish.com.au> To: freebsd-stable <freebsd-stable@freebsd.org> Message-ID: <cceefde6-5bef-0900-3f0a-e84b161c8ef4@ish.com.au> Subject: CARP forcing failover --dW0clSgju8NbpbR1wrbSTgcd6eJHkklb6 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I have a pair network gateway boxes running FreeBSD 11 and pf. Upstream r= uns VRRP to provide redundant links, one to each gateway. Internally I'm = using CARP for failover. All works well, but I find that manually failing over the link is a bit c= omplicated. In short I have this: em0: flags=3D8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric = 0 mtu 1500 media: Ethernet autoselect (100baseTX <full-duplex>) status: active carp: BACKUP vhid 1 advbase 1 advskew 50 igb0: flags=3D8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric= 0 mtu 1500 media: Ethernet autoselect (1000baseT <full-duplex>) status: active carp: BACKUP vhid 2 advbase 1 advskew 50 igb0.2: flags=3D8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metr= ic 0 mtu 1500 status: active vlan: 2 vlanpcp: 0 parent interface: igb0 carp: BACKUP vhid 3 advbase 1 advskew 50 groups: vlan That's two internal vlans and one external network. Each interface has it= s own vhid since that's the advice I had in the past. Now, what command can I type that I could run remotely (SSH over the em0 = link) to force all the CARP addresses simultaneously to decrease the advs= kew and become MASTER. Alternatively I could run something on the MASTER = to make it BACKUP. Everything I've done so far is one command per interfa= ce which has got me in trouble before as I manage to accidentally remove = my own access to the box before I'm done. Cheers Ari please cc me. --=20 --------------------------> Aristedes Maniatis CEO, ish https://www.ish.com.au GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A --dW0clSgju8NbpbR1wrbSTgcd6eJHkklb6-- --FIB0n9UMiQ5g87f9oRhhxrnjCxN3q7B45 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAli2HKYACgkQ72p9Lj5JECqwlQCfStZyQE4khxiIKcWy4BfJoFeg MLEAn38ykZSpXqin+25QnYuRnoOTYKQM =H//8 -----END PGP SIGNATURE----- --FIB0n9UMiQ5g87f9oRhhxrnjCxN3q7B45--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cceefde6-5bef-0900-3f0a-e84b161c8ef4>