On Thu, Dec 16, 2004 at 08:54:54PM -0500, Jason Dixon wrote:
> There is probably a good reason for this, but might be hard to 
> determine a) for an experienced user without access to your network, or 
> b) for an inexperienced user *with* access to your network.  ;-)
> 
> I suggest monitoring your interfaces continually ("while true; do 
> ifconfig -a | grep carp; sleep 1; clear; done") while you recreate your 
> problems.  It wouldn't hurt to also monitor your pfsync traffic for 
> hiccups.

'ifconfig carp' works, no need for '-a | grep carp'. carp(4) state
transitions also show up on the routing socket, so you can do 'route
monitor'.

> I usually experience ~3 seconds of packet loss during a failover.  
> Recovery is always instantaneous (no loss).  Regardless, I've yet to 
> lose any TCP connections.  I'd suggest you try to isolate the 
> questionable behavior.
> 
> >Sorry if I sound like a "Loinux whiny", I'm almost there, just need a
> >few more pointers.
> >
> >1) If I reduce advskew to something like 10 on machine A and 12 on
> >machine b, would that increase the stability of the firewalls?
> 
> I suggest larger advskew differences.  You can only go as high as the 
> size of your segment (256-1 for /24, for example).  If you're only 
> using 2 firewalls, I suggest advskews of 0 and 100.  This isn't 
> documented anywhere, and is only based on my own experience, so YMMV.

If by "not documented" you mean "explicitly ignoring the examples in the
carp(4) manpage", then you're correct :-)

The advskew range doesn't depend on the network segment. It's an 8-bit
number in the CARP packet and the legal values are 1-255. Keep the value
below 240 unless you really know what you're doing.

> >2) Why does it seem that when the master returns from me issuing a
> >reboot does the connection for the client appear to get shaky again?

What is the value of 'sysctl net.inet.carp.preempt'?

Those who want useful advice on a CARP problem should provide the output
of the following (from both machines):

$ ifconfig -a
$ sysctl net.inet.carp
$ netstat -sp carp
