Date: Tue, 28 Feb 2017 17:04:27 -0800 From: Freddie Cash <fjwcash@gmail.com> To: Aristedes Maniatis <ari@ish.com.au> Cc: FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: CARP forcing failover Message-ID: <CAOjFWZ5O9xvS3sZCEO-5M%2Bu1yWaijnRhD4CwKRW7UeNJMtvk=A@mail.gmail.com> In-Reply-To: <cceefde6-5bef-0900-3f0a-e84b161c8ef4@ish.com.au> References: <cceefde6-5bef-0900-3f0a-e84b161c8ef4@ish.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Do you have the preemption sysctl enabled? That will fail-over all carp interfaces when any one fails. "sysctl -a | grep carp" I'm pretty sure there's also an ifconfig command to force the state as either master or backup. Check the man page. On Feb 28, 2017 5:01 PM, "Aristedes Maniatis" <ari@ish.com.au> wrote: > I have a pair network gateway boxes running FreeBSD 11 and pf. Upstream > runs VRRP to provide redundant links, one to each gateway. Internally I'm > using CARP for failover. > > All works well, but I find that manually failing over the link is a bit > complicated. In short I have this: > > em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 > mtu 1500 > media: Ethernet autoselect (100baseTX <full-duplex>) > status: active > carp: BACKUP vhid 1 advbase 1 advskew 50 > igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 > mtu 1500 > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active > carp: BACKUP vhid 2 advbase 1 advskew 50 > igb0.2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric > 0 mtu 1500 > status: active > vlan: 2 vlanpcp: 0 parent interface: igb0 > carp: BACKUP vhid 3 advbase 1 advskew 50 > groups: vlan > > That's two internal vlans and one external network. Each interface has its > own vhid since that's the advice I had in the past. > > Now, what command can I type that I could run remotely (SSH over the em0 > link) to force all the CARP addresses simultaneously to decrease the > advskew and become MASTER. Alternatively I could run something on the > MASTER to make it BACKUP. Everything I've done so far is one command per > interface which has got me in trouble before as I manage to accidentally > remove my own access to the box before I'm done. > > Cheers > Ari > > please cc me. > > -- > --------------------------> > Aristedes Maniatis > CEO, ish > https://www.ish.com.au > GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOjFWZ5O9xvS3sZCEO-5M%2Bu1yWaijnRhD4CwKRW7UeNJMtvk=A>