RE: Problem with carp group failover

Fri, 08 Aug 2008 09:30:46 -0700 

Hi,

Thanks for your replies.

carp.preempt is enabled on both firewalls. See this

# sysctl -a | grep carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=1
net.inet.carp.arpbalance=0

Here is also the configuration of the carp interfaces

FW1
/etc/hostname.carp1
inet 10.10.1.1 255.255.0.0 10.50.255.255 vhid 1 carpdev sis0

/etc/hostname.carp2
inet 67.113.45.130 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1
inet alias 67.113.45.131 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1
inet alias 67.113.45.132 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1
inet alias 67.113.45.133 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1


FW2
/etc/hostname.carp1
inet 10.10.1.1 255.255.0.0 10.50.255.255 vhid 1 carpdev sis0 advskew 128

/etc/hostname.carp2
inet 67.113.45.130 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 advskew 128
inet alias 67.113.45.131 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 
advskew 128
inet alias 67.113.45.132 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 
advskew 128
inet alias 67.113.45.133 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 
advskew 128

Thanks one more time for your help


--- On Thu, 8/7/08, Michael K. Smith - Adhost <[EMAIL PROTECTED]> wrote:

> From: Michael K. Smith - Adhost <[EMAIL PROTECTED]>
> Subject: RE: Problem with carp group failover
> To: "Wadner Cadet" <[EMAIL PROTECTED]>, pf@benzedrine.cx
> Date: Thursday, August 7, 2008, 4:12 PM
> Hello Wadner:
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> > Wadner Cadet
> > Sent: Thursday, August 07, 2008 12:41 PM
> > To: pf@benzedrine.cx
> > Subject: Problem with carp group failover
> > 
> > Hi,
> > I am experiencing an issue with my two OpenBSD
> firewalls. I have two carp
> > interfaces (carp1 and carp2). On carp2, there are 6 ip
> aliases (external ip
> > addresses). The two carp interfaces belong to the same
> carp group. When one
> > carp interface fails, the other carp interface is not
> shifted to fail, which
> > means carp does not fail over as a group. This created
> a big problem, one carp
> > interface is master and the other one is backup on the
> same host.
> > 
> I think this will take care of it.  Using sysctl, 
> 
> net.inet.carp.preempt: 1
> 
> Regards,
> 
> Mike

Reply via email to