hello,

> I noticed in your original email that fw2 had advskews of 10's and
> 100's.  This suggests that CARP may not be set up the way you think it
> is (based on the advskew 240 in the hostname files).

The difference appeared when I was testing various configurations. Now
I have equal advskew on all carp interfaces.

> BTW, if carp detects an interface failure it sets its advskew to 240,
> in this case your secondary will still not preempt the primary.  I'd
> suggest setting your advskew on the secondary a little lower (I
> usually put mine at 10 for primary and 100 for secondary).

OK, so I have changed my configuration on fw2 to advskew 100, but
with no positive results. Still on fw2 I have:

# ifconfig -a | grep BACKUP | wc -l
      11
# ifconfig -a | grep MASTER | wc -l
      37

# ifconfig -a | grep BACKUP
        carp: BACKUP carpdev em2 vhid 1 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 2 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 11 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 19 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 20 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 28 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 29 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 38 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 39 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 46 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 47 advbase 1 advskew 100

But when I shut down fw1, all of the carp interfaces on fw2 changed
state to MASTER. So this works well. Unfortunately, after fw1 came up,
only a few interfaces switched to BACKUP state:

# ifconfig -a | grep BACKUP | wc -l
      11
# ifconfig -a | grep BACKUP
        carp: BACKUP carpdev em2 vhid 1 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 2 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 11 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 19 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 20 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 28 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 29 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 38 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 39 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 46 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 47 advbase 1 advskew 100

Yes, I know that this may look like I have different carp
configurations, but this is not true. I have checked it.

Today I replaced the Realtek cards with Intel PRO/1000GT, only for the
dedicated pfsync traffic. I have also connected a new crossover cable to
these. But as before, the situation doesn't change.

In pf.conf I have set the debug level to loud. In dmesg I can see:

pf: state insert failed: tree_lan_ext lan: SOME_EXTERNAL_ADDR:52528
gwy: SOME_EXTERAL_ADDR:52528 ext: 192.168.0.109:443 (from sync)
pf: state insert failed: tree_lan_ext lan: SOME_EXTERNAL_ADDR:52528
gwy: SOME_EXTERNAL_ADDR:52528 ext: 192.168.0.109:443 (from sync)
pf: state insert failed: tree_lan_ext lan: 192.168.0.109:443 gwy:
MY_CARP_ADDR:443 ext: SOME_EXTERNAL_ADDR:52528 (from sync)
pfsync: ignoring stale update (2) id: 43bd58e800000e02 creatorid: 4f514703
pfsync: ignoring stale update (2) id: 43bd58e800000dff creatorid: 4f514703
pfsync: ignoring stale update (2) id: 43bd58e800000dfe creatorid: 4f514703
pfsync: partial stale update (7) id: 43bd58e800000dff creatorid: 4f514703
pfsync: partial stale update (7) id: 43bd58e800000dfe creatorid: 4f514703


I have also changed the configuration of the pfsync interface a little.
I have added the syncpeer parameter.

fw1:
# cat /etc/hostname.pfsync0
up syncpeer 172.16.1.2 syncdev em1

fw2:
# cat /etc/hostname.pfsync0
up syncpeer 172.16.1.1 syncdev em1

But this change also doesn't help.

best regards,
Krzysztof Gibas.
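
Added example, not part of the original message: a shell function that compares the "carp:" lines of `ifconfig -a` saved from fw1 and fw2 and lists every carpdev/vhid pair that is MASTER on both hosts or on neither, which is more precise than counting lines with `wc -l`. The function name, file names and sample lines are constructed, and it assumes both firewalls use the same NIC names for the shared segments.

```shell
#!/bin/sh
# Compare the "carp:" lines of `ifconfig -a` saved from two firewalls and
# report every carpdev/vhid pair that does not have exactly one MASTER.
# Line format as shown in the message:
#   carp: BACKUP carpdev em0 vhid 2 advbase 1 advskew 100
# Assumption: both hosts use the same NIC names for the shared segments.
carp_compare() {
    awk '
        $1 == "carp:" {
            # find the values by keyword, not by fixed position
            dev = ""; vhid = ""
            for (i = 3; i < NF; i++) {
                if ($i == "carpdev") dev = $(i + 1)
                if ($i == "vhid")    vhid = $(i + 1)
            }
            if (vhid == "") next
            key = dev " vhid " vhid
            seen[key] = 1
            if ($2 == "MASTER") masters[key]++
        }
        END {
            for (k in seen) {
                n = masters[k] + 0
                if (n > 1)  print "DUAL-MASTER " k
                if (n == 0) print "NO-MASTER " k
            }
        }
    ' "$1" "$2" | sort
}

# Constructed sample data (not taken from the real firewalls).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/fw1" <<'EOF'
        carp: MASTER carpdev em2 vhid 1 advbase 1 advskew 10
        carp: MASTER carpdev em0 vhid 2 advbase 1 advskew 10
        carp: MASTER carpdev em0 vhid 3 advbase 1 advskew 10
        carp: BACKUP carpdev em0 vhid 4 advbase 1 advskew 10
EOF
cat > "$tmp/fw2" <<'EOF'
        carp: BACKUP carpdev em2 vhid 1 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 2 advbase 1 advskew 100
        carp: MASTER carpdev em0 vhid 3 advbase 1 advskew 100
        carp: BACKUP carpdev em0 vhid 4 advbase 1 advskew 100
EOF
carp_compare "$tmp/fw1" "$tmp/fw2"
```

On real hosts, save `ifconfig -a` from each firewall to a file at the same moment and pass the two files to `carp_compare`.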
