it doesn't match the FAQ, but it works.
my fail was using nat "from 192.168.0.0/16 to !192.168.0.0/16" and it
affected CARP traffic, because of its multicast nature (it matched !
192.168.0.0/16)
not many people read FAQ actually.
I like the idea of OpenBSD "just to work out of a box", it's more about how
people think and do.
13 MARTA 2012 G. 14:52 POLXZOWATELX Janne Johansson
<icepic...@gmail.com>NAPISAL:
> 2012/3/4 iLXQ {IPICIN <chipits...@gmail.com>:
> > thank to Camiel Dobbelaar, carp log at 6 shown ip_output problem, which
> > lead me to:
> >
> > pass quick proto carp no state
>
> Which doesn't match the PF FAQ which says:
> "Since CARP is its own protocol it should have an explicit pass rule
> in filter rulesets:
> pass out on $carp_dev proto carp keep state"
>
> I'll test the "no state" as soon as I can rig one of my previously
> failing boxes to not use my carppeer workaround.
>
> >
> >
> > it did the job (I still do not understand how forewall passed 6
> interfaces
> > and blocked 7th, need to have a closer look, but after that rule
> everything
> > became ok,
> > pf stopped blocking carp announces)
> >
> > 2 MARTA 2012 G. 21:31 POLXZOWATELX favar <889...@gmail.com> NAPISAL:
> >
> >> hi list, we have same problem with carp. (with 45 ip addresses)
> >> and after reboot, host with advskew 200 became master, and with
> >> advskew 1 - slave.
> >>
> >> 2012/3/2 iLXQ {IPICIN <chipits...@gmail.com>:
> >> > no, I copied hostname.carpXX, just added "advskew 200"
> >> > parameters are the same.
> >> >
> >> > 2 MARTA 2012 G. 15:25 POLXZOWATELX Otto Moerbeek <o...@drijf.net>
> >> NAPISAL:
> >> >
> >> >> On Fri, Mar 02, 2012 at 01:53:17PM +0500, ???? ??????? wrote:
> >> >>
> >> >> > hello!
> >> >> >
> >> >> > we are running CARP-ed load balancers (carp over different vlans).
> >> >> > it was running just great with 6 carp addresses.
> >> >> >
> >> >> > when we added 7th, randomly we get MASTERs on both server for
> certain
> >> >> carp
> >> >> > interface. After reboot we can get different carp interface on dual
> >> >> MASTER
> >> >> > state, and so on.
> >> >> > carp negotiations are ok, tcpdump shows them all. both peers see
> each
> >> >> other.
> >> >> >
> >> >> > if I put one interface to BACKUP state, it goes to mASTER soon.
> >> >> >
> >> >> > we are runnung 5.0/amd64
> >> >> >
> >> >> > Cheers,
> >> >> > Ilya Shipitsin
> >> >>
> >> >> Carefully compare the address lists (including masks) on both
> >> >> machines. Likely they are not the same.
> >> >>
> >> >> -Otto
> >
>
>
>
> --
> To our sweethearts and wives. May they never meet. -- 19th century toast
