Date: Thu, 16 Feb 2012 09:41:01 +0100 From: Damien Fleuriot <ml@my.gd> To: peter knezel <peter.knezel@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: From analysis of a simple ifstated.conf to more compex example Message-ID: <4F3CC11D.1080105@my.gd> In-Reply-To: <CAAwfu_=5-t0=C2_2ZeK5cf3N-e5_%2BiZPGLPk9S-Tks78sKpVYA@mail.gmail.com> References: <CAAwfu_n%2BVjgeihzWRa1F6v6PhCA943sFHR7eFxA1Ycc8NbjXpQ@mail.gmail.com> <4F314AFB.8080901@my.gd> <CAAwfu_kfj2mqT9qVSh2_9LpfcvOrxBJiwNRi_x79VcjGQLwGqw@mail.gmail.com> <4F3BEA73.9060005@my.gd> <CAAwfu_=5-t0=C2_2ZeK5cf3N-e5_%2BiZPGLPk9S-Tks78sKpVYA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Preemption is used to ensure that, if a CARP interface goes down on host
A, host B will then assume mastership for all interfaces.
It prevents the nasty situation where you'd have, for example:
Public IP: master on host A
Private IP: master on host B
servers behind firewalls hosts A and B:
- traffic arrives on host A which creates a PF state
- servers reply via their default gateway, the CARP IP now master on host B
Host B doesn't have a state for the traffic, drops it.
To enable preemption you need to run sysctl net.inet.carp.preempt=1 and
add the corresponding line to your sysctls file in etc.
On 2/15/12 7:04 PM, peter knezel wrote:
> Well,
>
> I am not fully familiar with CARP, but if the different carp interfaces
> are used for different purpose (ftp, tftp, scp), is it a good idea to
> put down all of them, if they are able to serve their purpose?
>
> BTW, what is CARP preemption and how is it possible to enable it?
>
> Kind regards,
>
> Peter
>
> On 15 February 2012 18:25, Damien Fleuriot <ml@my.gd <mailto:ml@my.gd>>
> wrote:
>
> Sorry about the late reply, didn't see yours.
>
> What about enabling CARP preemption to ensure that when a carp interface
> goes down, the whole set does ?
>
>
> On 2/7/12 9:13 PM, peter knezel wrote:
> > Hello Damien,
> >
> > I did read your example but cannot get idea from it.
> > For three interfaces you have much more possibilities.
> >
> > Imagine you start the server from uuu state which is equal to
> > net = '( "ifconfig -a -u |grep carp0 > /dev/null" every 3 &&
> "ifconfig -a -u
> > |grep carp1 > /dev/null" every 3 && "ifconfig -a -u |grep carp2 >
> /dev/null"
> > every 3)'
> >
> > Now you put down one carp interface - so system is in state :
> > *state one:*
> > (duu) || (udu) || (uud) <----which is same as !$net
> > run script1.sh
> > go to twoff
> >
> > now imagine, you put down any other carp interface:
> > *state twoff: *
> > (dud) || (ddu) || (udd)
> > run script2.sh
> > go to two
> >
> > *state two: *
> > put all interfaces up
> > run script3.sh
> > go to state one
> >
> > it means, this is one of the possibilities system can behave (this
> > situation does not describe all possible states - I have taken this
> > special example.)
> >
> > Now if you want to put up after putting down one carp interface, you
> > fail since it is in state twoff.
> > Only of you put down second carp interface it goes to state two and if
> > you put both up, it will go to state one.
> >
> > This is where my ifstated.conf fails to work.
> >
> > Kind regards,
> >
> > Peter Knezel
> >
> >
> > On 7 February 2012 17:02, Damien Fleuriot <ml@my.gd
> <mailto:ml@my.gd> <mailto:ml@my.gd <mailto:ml@my.gd>>>
> > wrote:
> >
> > On 2/7/12 3:36 PM, peter knezel wrote:
> > > Hello all,
> > >
> > > I would like to ask somebody to explain me how the ifstated
> works
> > according to
> > > the following configuration file.
> > > I have three virtual carp interfaces carp0,carp1 and carp2.
> > >
> > > I try to understand the following setting:
> > > The server is in state one (all carp interfaces are up) and
> if there
> > > is carp down of any:
> > > one (carp0 or carp1 or carp2),
> > > two ([carp0 and carp1] or [carp0 and carp2] or [carp1 and
> carp2]),
> > > three interfaces (carp 0 and carp1 and carp2), server
> > > runs the script testdown.sh and put the server into state two.
> > > If all carp interfaces are up, the server runs the testup.sh
> and set
> > > the state to one.
> > >
> >
> > That is my understanding.
> >
> >
> > > Is it the way the system works?
> > > Or am I wrong?
> > >
> > > ===
> > > init-state one
> > >
> > > net = '( "ifconfig -a -u |grep carp0 > /dev/null" every 3 &&
> > "ifconfig -a -u
> > > |grep carp1 > /dev/null" every 3 && "ifconfig -a -u |grep
> carp2 >
> > /dev/null"
> > > every 3)'
> > >
> > > state one {
> > > if ( ! $net ) {
> > > run "/usr/local/testdown.sh"
> > > set-state two
> > > }
> > > }
> > >
> > > state two {
> > > if ( $net ) {
> > > run "/usr/local/testup.sh"
> > > set-state one
> > > }
> > > }
> > > ===
> > >
> > > Is there any possibility to define and set ifstated.conf that
> > reacts when:
> > >
> > > any one of the carp interfaces is down - followed by
> another any
> > > other carp interface down
> > >
> > >
> > > I tried to define states:
> > >
> > > duu ="!carp0.link.up && carp1.link.up && carp2.link.up"
> > > udu ="carp0.link.up && !carp1.link.up && carp2.link.up"
> > > uud ="carp0.link.up && carp1.link.up && !carp2.link.up"
> > > ddu ="!carp0.link.up && !carp1.link.up"
> > > dud ="!carp0.link.up && !carp2.link.up"
> > > udd ="!carp1.link.up && !carp2.link.up"
> > >
> > > and used them but somehow I cannot incorporate all state
> changes and
> > > include it in ifstated.conf.
> > >
> >
> >
> > Works fine here, did you not have any luck with the file I posted
> > earlier ?
> > _______________________________________________
> > freebsd-questions@freebsd.org
> <mailto:freebsd-questions@freebsd.org>
> <mailto:freebsd-questions@freebsd.org
> <mailto:freebsd-questions@freebsd.org>>
> > mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org
> <mailto:freebsd-questions-unsubscribe@freebsd.org>
> > <mailto:freebsd-questions-unsubscribe@freebsd.org
> <mailto:freebsd-questions-unsubscribe@freebsd.org>>"
> >
> >
>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F3CC11D.1080105>