From: Damien Fleuriot
Date: Tue, 14 Jun 2011 22:51:18 +0200
To: Steve Polyack
Cc: "freebsd-stable@freebsd.org"
Subject: Re: Networking - CARP interfaces

On 14 Jun 2011, at 19:33, Steve Polyack wrote:

> On 06/14/2011 01:00 PM, Damien Fleuriot wrote:
>>
>> I can confirm that this scenario causes problems, see below:
>>
>> ### ON FIREWALL 1 , carp master for carp0, carp1, carp2
>> carp2: flags=49 metric 0 mtu 1500
>>     inet 192.168.224.254 netmask 0xffffff00
>>     carp: MASTER vhid 224 advbase 1 advskew 50
>>
>>
>> ### ON FIREWALL 2 , carp backup for carp0, carp1, carp2
>> carp2: flags=49 metric 0 mtu 1500
>>     inet 192.168.234.254 netmask 0xffffff00
>>     carp: BACKUP vhid 234 advbase 1 advskew 100
>>
>>
>> Now, I add a dummy IP to carp2 on FIREWALL 2, which is supposedly backup:
>>
>> ifconfig carp2 inet 192.168.234.207 alias
>>
>> Result:
>>
>> ### ON FIREWALL 1, carp master for carp0, carp1, carp2
>> carp2: flags=49 metric 0 mtu 1500
>>     inet 192.168.224.254 netmask 0xffffff00
>>     carp: MASTER vhid 224 advbase 1 advskew 50
>>
>> ### ON FIREWALL 2, carp backup for carp0, carp1, but no longer carp2
>> carp2: flags=49 metric 0 mtu 1500
>>     inet 192.168.234.254 netmask 0xffffff00
>>     inet 192.168.234.207 netmask 0xffffff00
>>     carp: MASTER vhid 234 advbase 1 advskew 100
>>
>>
>> After I remove the extraneous IP, the interface becomes backup again:
>>
>>
>> # This was a long time ago
>> carp0: MASTER -> BACKUP (more frequent advertisement received)
>> carp0: link state changed to DOWN
>> carp2: MASTER -> BACKUP (more frequent advertisement received)
>> carp2: link state changed to DOWN
>> carp1: MASTER -> BACKUP (more frequent advertisement received)
>> carp1: link state changed to DOWN
>> carp2: link state changed to DOWN
>> # This was when I ran my tests
>> carp2: INIT -> MASTER (preempting)
>> carp2: link state changed to UP
>> carp2: MASTER -> BACKUP (more frequent advertisement received)
>> carp2: link state changed to DOWN
>
> Did you give this enough time to reasonably settle? Sometimes when the
> interfaces initially come up, they will become MASTER for a bit before
> backing down.
>

I think I did, but I can try again tomorrow evening just to make sure.

Oh god, if only dmesg entries were timestamped...

>> This entails that hosts in a given carp vhid must have the exact same IP
>> addresses configured on that interface.
>>
>> While this is perfectly understandable in a master-backup scenario, this
>> is a bit more annoying for us in a master-backup + backup-backup
>> scenario with 2 datacenters.
>>
>> I'll just have to adapt and ensure they have the same IP addresses then.
>
> I have a suspicion that the important part may be the number of IP
> addresses on the CARP interface. If CARP sends an advertisement from each
> IP alias on a CARP interface, then I think that would explain what you are
> seeing - and also possibly give you a workaround by adding two more bogus
> IPs on your primary datacenter firewalls (where IPs W and Z are normally
> missing).
>
> - Steve
>

I'll give it a try, although I think in a scenario where the carp interfaces
have the same number of IPs and these IPs differ, both interfaces will claim
mastership.

Will post results.
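
A consistency check for the situation discussed in this message, as an added example that is not part of the original post: it parses saved `ifconfig` output from two firewalls and reports carp interfaces whose vhid or inet address lists differ, or where both hosts claim MASTER. The captures `FW1` and `FW2` are constructed sample data and the function names are hypothetical.

```python
import re
# Constructed captures of `ifconfig` output, modelled on the listings quoted above.
FW1 = """\
carp1: flags=49 metric 0 mtu 1500
    inet 192.168.233.254 netmask 0xffffff00
    carp: MASTER vhid 233 advbase 1 advskew 50
carp2: flags=49 metric 0 mtu 1500
    inet 192.168.234.254 netmask 0xffffff00
    carp: MASTER vhid 234 advbase 1 advskew 50
"""
FW2 = """\
carp1: flags=49 metric 0 mtu 1500
    inet 192.168.233.254 netmask 0xffffff00
    carp: BACKUP vhid 233 advbase 1 advskew 100
carp2: flags=49 metric 0 mtu 1500
    inet 192.168.234.254 netmask 0xffffff00
    inet 192.168.234.207 netmask 0xffffff00
    carp: MASTER vhid 234 advbase 1 advskew 100
"""

def parse_carp(text):
    """Map each carpN interface to its state, vhid and set of inet addresses."""
    out, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"(carp\d+):", line):
            cur = out.setdefault(m.group(1), {"state": None, "vhid": None, "addrs": set()})
        elif not line[:1].isspace():
            cur = None                      # some other interface starts here
        elif cur is not None and (m := re.match(r"\s+inet (\S+)", line)):
            cur["addrs"].add(m.group(1))
        elif cur is not None and (m := re.match(r"\s+carp: (\w+) vhid (\d+)", line)):
            cur["state"], cur["vhid"] = m.group(1), int(m.group(2))
    return out

def compare(a, b):
    """List (interface, problem) pairs where two hosts' carp settings disagree."""
    findings = []
    for name in sorted(set(a) & set(b)):    # interfaces present on both hosts
        x, y = a[name], b[name]
        if x["vhid"] != y["vhid"]:
            findings.append((name, f"vhid {x['vhid']} != {y['vhid']}"))
        if diff := x["addrs"] ^ y["addrs"]:
            findings.append((name, "address mismatch: " + ", ".join(sorted(diff))))
        if x["state"] == y["state"] == "MASTER":
            findings.append((name, "both hosts MASTER"))
    return findings

if __name__ == "__main__":
    print(compare(parse_carp(FW1), parse_carp(FW2)))
```

The comparison uses the set of addresses rather than their count, so two hosts with the same number of aliases but different addresses are still reported.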