> On 1 Mar 2017, at 01:58, Aristedes Maniatis <[email protected]> wrote: > > I have a pair network gateway boxes running FreeBSD 11 and pf. Upstream runs > VRRP to provide redundant links, one to each gateway. Internally I'm using > CARP for failover. > > All works well, but I find that manually failing over the link is a bit > complicated. In short I have this: > > em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu > 1500 > media: Ethernet autoselect (100baseTX <full-duplex>) > status: active > carp: BACKUP vhid 1 advbase 1 advskew 50 > igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu > 1500 > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active > carp: BACKUP vhid 2 advbase 1 advskew 50 > igb0.2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 > mtu 1500 > status: active > vlan: 2 vlanpcp: 0 parent interface: igb0 > carp: BACKUP vhid 3 advbase 1 advskew 50 > groups: vlan > > That's two internal vlans and one external network. Each interface has its > own vhid since that's the advice I had in the past. > > Now, what command can I type that I could run remotely (SSH over the em0 > link) to force all the CARP addresses simultaneously to decrease the advskew > and become MASTER. Alternatively I could run something on the MASTER to make > it BACKUP. Everything I've done so far is one command per interface which has > got me in trouble before as I manage to accidentally remove my own access to > the box before I'm done.
You may look into this sysctl: # sysctl -d net.inet.carp.demotion net.inet.carp.demotion: Adjust demotion factor (skew of advskew) Its value gets changed automatically if some event occurs (look into net.inet.carp.ifdown_demotion_factor, net.inet.carp.senderr_demotion_factor, net.pfsync.carp_demotion_factor), but you may also control it manually. A positive value value will increase the advskew of _all_ CARP announcements (on the wire, not visible with ifconfig IIRC) and therefore reduce the priority of the node. A negative value will of course do the opposite. Like this you can raise/lower the advskew above/below the other node and trigger a failover. net.inet.carp.preempt must be 1 on both nodes for this to have an immediate effect. Beware that net.inet.carp.demotion expects _relative_ values when altered through the sysctl interface. So 'sysctl net.inet.carp.demotion=100' will increase its current value by 100 and 'sysctl net.inet.carp.demotion=-100' will decrease its current value by 100. Markus _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[email protected]"
