Issue with carp int going to MASTER state on two boxes

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Issue with carp int going to MASTER state on two boxes

kyle-14
Hey all,

I have two openbsd 3.9 boxes set up with 3 carp interfaces(spread out
across 3 physical interfaces). I have preempt=0 in sysctl. My
carp0(em0 carpdev) and carp1(em1 carpdev) behave properly - never run
into any issue(i.e. the primary firewall always has it's carp0 and
carp1 in MASTER, while the backup is in BACKUP state). But my
carp2(em2 carpdev) goes into a MASTER state on both firewalls.

I've doublechecked everything in hostname.em2 and hostname.carp2, all
looks fine. I have a pfsync interface over em3 on these two firewalls.
Even if I manually try to force the states via a:

ifconfig carp2 advskew 10 on the primary
ifconfig carp2 advskew 239 on the backup

the backup firewall still goes into MASTER state for carp2 almost
immediately(both the primary and backup firewall are in MASTER state
for carp2).

What other info might someone need to help me figure this out? I
presently dont have carp logging enabled, but will do so if no one has
any ideas from my above description.

Thanks!

Reply | Threaded
Open this post in threaded view
|

Re: Issue with carp int going to MASTER state on two boxes

Kai Mosebach
Hi,

can you run a tcpdump on your physical interface an see if you receive
carp advertisements from the other box in the form of

09:53:25.278656 CARPv2-advertise 36: vhid=42 advbase=1 advskew=1
demote=0 (DF) [tos 0x10]

and/or do you have firewalling which might block the carp traffic?

Best Kai

> Hey all,
>
> I have two openbsd 3.9 boxes set up with 3 carp interfaces(spread out
> across 3 physical interfaces). I have preempt=0 in sysctl. My
> carp0(em0 carpdev) and carp1(em1 carpdev) behave properly - never run
> into any issue(i.e. the primary firewall always has it's carp0 and
> carp1 in MASTER, while the backup is in BACKUP state). But my
> carp2(em2 carpdev) goes into a MASTER state on both firewalls.
>
> I've doublechecked everything in hostname.em2 and hostname.carp2, all
> looks fine. I have a pfsync interface over em3 on these two firewalls.
> Even if I manually try to force the states via a:
>
> ifconfig carp2 advskew 10 on the primary
> ifconfig carp2 advskew 239 on the backup
>
> the backup firewall still goes into MASTER state for carp2 almost
> immediately(both the primary and backup firewall are in MASTER state
> for carp2).
>
> What other info might someone need to help me figure this out? I
> presently dont have carp logging enabled, but will do so if no one has
> any ideas from my above description.
>
> Thanks!

Reply | Threaded
Open this post in threaded view
|

Re: Issue with carp int going to MASTER state on two boxes

kyle-14
I forgot to post a followup to this. I had a buddy of mine who ran
into a similiar issue the other day which was the exact problem I had
had. I figured it out way back when(year ago?) and if he just ran into
the problem now Im sure others have and will in the future.

The issue was the network the problematic carp interface was on had a
router(foundry devices) vrrp interface on it as well, and the mac for
the carp on the fw and the vrrp on the routers conflicted(since carp
and vrrp use the same range of 00:00:5e:00:01).

Now my policy is to start my carp interfaces at 30 and above and
anything 29 or below is designated for my routers(vrrp/vrrpe) so there
is no collision.

Hope this helps.

Kyle

On 1/31/07, Kai Mosebach <[hidden email]> wrote:

> Hi,
>
> can you run a tcpdump on your physical interface an see if you receive
> carp advertisements from the other box in the form of
>
> 09:53:25.278656 CARPv2-advertise 36: vhid=42 advbase=1 advskew=1
> demote=0 (DF) [tos 0x10]
>
> and/or do you have firewalling which might block the carp traffic?
>
> Best Kai
>
> > Hey all,
> >
> > I have two openbsd 3.9 boxes set up with 3 carp interfaces(spread out
> > across 3 physical interfaces). I have preempt=0 in sysctl. My
> > carp0(em0 carpdev) and carp1(em1 carpdev) behave properly - never run
> > into any issue(i.e. the primary firewall always has it's carp0 and
> > carp1 in MASTER, while the backup is in BACKUP state). But my
> > carp2(em2 carpdev) goes into a MASTER state on both firewalls.
> >
> > I've doublechecked everything in hostname.em2 and hostname.carp2, all
> > looks fine. I have a pfsync interface over em3 on these two firewalls.
> > Even if I manually try to force the states via a:
> >
> > ifconfig carp2 advskew 10 on the primary
> > ifconfig carp2 advskew 239 on the backup
> >
> > the backup firewall still goes into MASTER state for carp2 almost
> > immediately(both the primary and backup firewall are in MASTER state
> > for carp2).
> >
> > What other info might someone need to help me figure this out? I
> > presently dont have carp logging enabled, but will do so if no one has
> > any ideas from my above description.
> >
> > Thanks!