I'm also getting strange weirdnesses with carp on 5.0. I too upgraded
from quite an old 4.x version (4.6 IIRC).
The main thing I'm seeing is my master and backup switching back and
forth quite a few times. This is a pair of firewalls with carp
running on both the inside and outside firewall interfaces.
According to tcpdump I can see advertisements from the master being
broadcast, but I never see any broadcast from the backup (I can't
work out if that is correct behaviour or not).
My PF rules allow the CARP packets through:

pass in quick on $ext_if proto carp from $fw_ext_ips to 224.0.0.18 queue carp_out
pass in quick on $int_if proto carp from $fw_int_ips to 224.0.0.18 queue carp_in
pass out quick on $ext_if proto carp from $fw_ext_ips to 224.0.0.18 queue carp_out
pass out quick on $int_if proto carp from $fw_ext_ips to 224.0.0.18 queue carp_in

And according to pfctl -sr -vv I can see that those rules are indeed
matching packets.
The very odd thing is that on FW1:
carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 10
and on FW2:
carp: MASTER carpdev em1 vhid 2 advbase 1 advskew 200
I don't understand why the master is the one with the highest
advskew. This is the same on the inside carp interface too.
Any ideas?
-Matt