From owner-freebsd-stable@freebsd.org Wed Mar 1 03:31:58 2017 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0971CCF26C5 for ; Wed, 1 Mar 2017 03:31:58 +0000 (UTC) (envelope-from fjwcash@gmail.com) Received: from mail-qk0-x22b.google.com (mail-qk0-x22b.google.com [IPv6:2607:f8b0:400d:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B32BFC50 for ; Wed, 1 Mar 2017 03:31:57 +0000 (UTC) (envelope-from fjwcash@gmail.com) Received: by mail-qk0-x22b.google.com with SMTP id n127so51059716qkf.0 for ; Tue, 28 Feb 2017 19:31:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=QMbSCk98QEZXqGPSJ/c981+bOra5+AdtLLGd0jlsD2A=; b=VCaPIZE+rcq8tXF0KwuJR3r9cN1alvPSwV/d2QIU81WcQZr9K3esNW76G86HQ2FJse axpg1Yh9+X8nb44Om+eflMc5MGp8rYJ4vzjlCCVpFw/6fr+0d2fPWwBr4WHbWajW3T4Y 9kY7QvcoYsuY8mGjfoEuT28hOUzL9B/j76cXpQ4DDDUferteqjHLZEs0QI7KU/IKxReL t6e0ZEcShtXS55HWjYbtTdPWC/6ncrWa3fqBTTR0USQ6IllOG7bQRF4jmzZEYfXYC6gU c2rHTOF93q/vyH019vK83JFMi6aKBMGKbxAt+ifn7p3g6QM5ApPmkVrlo4H+MT5W1rz0 figQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=QMbSCk98QEZXqGPSJ/c981+bOra5+AdtLLGd0jlsD2A=; b=FaTCGCPdxyNMyjqHOyEKT4O461qJDtpYFRgHRqHxmCdFur/Fz+YDgK3+DEbuv63Fvf NtbzUIwtXOZo13FJZWUCzSrmuY9GlWRK6o/JzD5vsukQuoiLDtfQyBhsn/YRoP6DYOUH ZvZ9b3GylLulkGpaO5lTgiVJf1PSGGsRAz9R2/75649NCGI5Xij1cEZgDskdCgweKAfE 22GKhV0StMXBUGp0vNt5KWWby3f9YVDxgnKxyesg1ep9Yc5xiD7lFWJ6BlFDkTUiWobc TiGCs5kDMRhp+hq5ZfrrNA19xQ+7zBxqwMfnCyaS1405FVH7GM68Izq0oDMz33CV3QY4 b6EA== X-Gm-Message-State: AMke39lNRNoZxlHZWTrXcjlqzOIQJZ7t7EaiA9h5UuP1d57e9lcKSVKkzRqgJgWf/4vzkr+uVcA5vSTvooevZg== X-Received: by 10.237.59.194 with SMTP id s2mr6862964qte.199.1488339116865; Tue, 28 Feb 2017 19:31:56 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.28.202 with HTTP; Tue, 28 Feb 2017 19:31:56 -0800 (PST) Received: by 10.140.28.202 with HTTP; Tue, 28 Feb 2017 19:31:56 -0800 (PST) In-Reply-To: <513164a2-1a73-dd03-2feb-43fa53dd1b88@ish.com.au> References: <513164a2-1a73-dd03-2feb-43fa53dd1b88@ish.com.au> From: Freddie Cash Date: Tue, 28 Feb 2017 19:31:56 -0800 Message-ID: Subject: Re: CARP forcing failover To: Aristedes Maniatis Cc: FreeBSD Stable Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 03:31:58 -0000 Doesn't "ifconfig vhid XX state master" do what you want? It forces that vhid over to master, which should preempt the other interfaces to switch as well. One command. On Feb 28, 2017 5:10 PM, "Aristedes Maniatis" wrote: > Yes, the automatic failover is great and works perfectly to bring all > interfaces over at once. But to manually force a failover I need to change > the advskew one interface at a time with ifconfig. > > Ari > > > On 1/3/17 12:04pm, Freddie Cash wrote: > > Do you have the preemption sysctl enabled? That will fail-over all carp > interfaces when any one fails. > > > > "sysctl -a | grep carp" > > > > I'm pretty sure there's also an ifconfig command to force the state as > either master or backup. Check the man page. > > > > > > On Feb 28, 2017 5:01 PM, "Aristedes Maniatis" ari@ish.com.au>> wrote: > > > > I have a pair network gateway boxes running FreeBSD 11 and pf. > Upstream runs VRRP to provide redundant links, one to each gateway. > Internally I'm using CARP for failover. > > > > All works well, but I find that manually failing over the link is a > bit complicated. In short I have this: > > > > em0: flags=8943 > metric 0 mtu 1500 > > media: Ethernet autoselect (100baseTX ) > > status: active > > carp: BACKUP vhid 1 advbase 1 advskew 50 > > igb0: flags=8943 > metric 0 mtu 1500 > > media: Ethernet autoselect (1000baseT ) > > status: active > > carp: BACKUP vhid 2 advbase 1 advskew 50 > > igb0.2: flags=8943 > metric 0 mtu 1500 > > status: active > > vlan: 2 vlanpcp: 0 parent interface: igb0 > > carp: BACKUP vhid 3 advbase 1 advskew 50 > > groups: vlan > > > > That's two internal vlans and one external network. Each interface > has its own vhid since that's the advice I had in the past. > > > > Now, what command can I type that I could run remotely (SSH over the > em0 link) to force all the CARP addresses simultaneously to decrease the > advskew and become MASTER. Alternatively I could run something on the > MASTER to make it BACKUP. Everything I've done so far is one command per > interface which has got me in trouble before as I manage to accidentally > remove my own access to the box before I'm done. > > > > Cheers > > Ari > > > > please cc me. > > > > -- > > --------------------------> > > Aristedes Maniatis > > CEO, ish > > https://www.ish.com.au > > GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A > > > > -- > --------------------------> > Aristedes Maniatis > CEO, ish > https://www.ish.com.au > GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A > >