6.3: net.inet.carp.preempt=1 not working

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

6.3: net.inet.carp.preempt=1 not working

Harald Dunkel-3
Hi folks,

I am using IPv6-only on em0, dual stack on em1 and em2. The
corresponding carp interfaces carp{0..2} are all dual stack.
Platform is OpenBSD 6.3 plus the most recent syspatches.
Problem:

It seems that net.inet.carp.preempt=1 is not working. If I
reboot the regular master, then the dedicated backup gets
stuck in master mode on all carp interfaces, even when the
master is back online. AFAICT this is not supposed to happen.
Master mode should go back to the regular master.

The advbase and advskew params are set correctly. The vhids
are not in use anywhere else. The shared secrets are correct,
too.


Can anybody reproduce this problem?


Regards
Harri

Reply | Threaded
Open this post in threaded view
|

Re: 6.3: net.inet.carp.preempt=1 not working

Stuart Henderson
On 2018/06/29 10:43, Harald Dunkel wrote:

> Hi folks,
>
> I am using IPv6-only on em0, dual stack on em1 and em2. The
> corresponding carp interfaces carp{0..2} are all dual stack.
> Platform is OpenBSD 6.3 plus the most recent syspatches.
> Problem:
>
> It seems that net.inet.carp.preempt=1 is not working. If I
> reboot the regular master, then the dedicated backup gets
> stuck in master mode on all carp interfaces, even when the
> master is back online. AFAICT this is not supposed to happen.
> Master mode should go back to the regular master.
>
> The advbase and advskew params are set correctly. The vhids
> are not in use anywhere else. The shared secrets are correct,
> too.
>
>
> Can anybody reproduce this problem?
>
>
> Regards
> Harri
>

Suggestions: include "ifconfig -A" and "ifconfig -g carp" output from both
machines, also bump up net.inet.carp.log and see if that gives any clues.

Reply | Threaded
Open this post in threaded view
|

Re: 6.3: net.inet.carp.preempt=1 not working

Harald Dunkel-5
Hi Stuart,

On 6/29/18 11:23 AM, Stuart Henderson wrote:
>
> Suggestions: include "ifconfig -A" and "ifconfig -g carp" output from both
> machines, also bump up net.inet.carp.log and see if that gives any clues.
>

Found it:

I have a fail-save packet filter file, which is loaded before the
"large" pf.conf for production later. It was missing the

        pass quick proto carp

Maybe carp(4) could mention this packet filter rule.

Thanx for your support. I learned a lot about carp.


Regards
Harri