On Thu, May 19, 2011 at 3:57 PM, Gary Thornock <[email protected]> wrote:
> My previous company has a pair of firewalls running OpenBSD 4.4 with
> CARP. They've been running with no problem since just after the 4.4
> release, until the last couple of days.
>
> Now, the firewall that should be in BACKUP state has somehow decided
> that it needs to be MASTER for some, but not all, of the CARP interfaces,
> even though the master machine is running fine. Something like this:
>
>
> if       machine 1    machine 2
> carp0    MASTER       BACKUP
> carp1    MASTER       BACKUP
> carp2    MASTER       MASTER
> carp3    MASTER       BACKUP
> carp4    MASTER       MASTER
>
>
> The interfaces where both machines try to be MASTER at the same time
> become unreliable or unreachable.
>
> I looked around Google but couldn't turn up any reports of similar
> issues. Admittedly I might have been searching for the wrong terms,
> though.
>
> Any ideas as to what could be causing this problem? They're likely
> to rebuild both machines in the next week or so, either with 4.6 (so
> they can keep their existing pf.conf) or with 4.9 so as to be current,
> but they'd like some assurance that a rebuild will actually solve the
> problem. (If it were, say, a failing NIC, updating the software
> wouldn't help.)
>
> For whatever it's worth, the machines in question are Poweredge R200s,
> with the two on-board Broadcom gigabit ports and an additional Intel
> gigabit card for pfsync. They're running the i386 rather than the
> amd64 version of OpenBSD.
>
What does netstat -s -p carp show? Run that on each firewall.

Also, can you paste the contents of hostname.carp2 and hostname.carp4
from each firewall?

-Bryan

