Hi,
I have a setup with three machines, all i386, and all plugged into
one switch:
A: 5.1 (IPv4: master)
B: 5.0 (IPv4: backup)
C: 5.2 (IPv4: master, IPv6: backup)
Each host has two IPv4 carp interfaces, all on one interface (carp0 and
carp1), and host C has an additional carp2 with only an IPv6 address (no
IPv4).
Now, A + B work nicely with two carp interfaces (IPv4), but A+C do not.
While the carp interface for IPv6 goes into MASTER mode, as expected, if
I change the advskew on A, the IPv4 interfaces don't go into MASTER
mode, but stay in BACKUP mode instead, no matter what:
E.g. from C:
# cat /etc/hostname.carp*
# carp0:
inet 10.0.0.1 255.255.248.0 10.0.7.255 vhid 1 advskew 100 pass pass1 carpdev em0
# carp1:
inet 10.1.1.1 255.255.255.0 10.1.1.255 vhid 2 advskew 100 pass pass2 carpdev em0
# carp2:
inet6 3ffe:3ffe::1 32 vhid 3 advskew 100 pass pass3 carpdev em0
With this setup, carp1 will stay in BACKUP mode when I say "ifconfig
carp1 advskew 120" on A, while on B, it would go into MASTER
immediately.
I also have trouble taking carp2 down and up again, like in "ifconfig
carp2 down; ifconfig carp2 up". The result is that carp2 no longer
responds to any packets sent to 3ffe:3ffe::1. Sending to the IPv6 address
bound to em0 continues to work like a charm, though. Saying "ifconfig
carp2 destroy; sh /etc/netstart carp2" - which I thought would re-create
the carp2 pseudo-device from scratch - also does not work, but elicits
the following error message from the kernel:
/bsd: in6_ifloop_request: ADD operation failed for 3ffe:3ffe::0001 (errno=17)
There are error messages related to duplicate IPv6 addresses, mentioning
the link-local auto-generated IPv6 address, which is the same for all
carp interfaces, e.g.:
/bsd: nd6_na_input: duplicate IP6 address fe80:0008::0200:5eff:fe00:0102
Touring the logs, I also find related error messages that I could not
yet make sense of:
/bsd: arpresolve: 10.0.0.1: route without link local address
The mentioned address is being advertised by A as the master, and
intended to be switched around by the CARP mechanism (works with A+B).
On C, I have pf disabled. On all three systems, I have bgpd enabled. On
A, I have pf enabled with these rules:
# pfctl -s r
block drop in quick on egress proto tcp from <sshguard> to any ...
pass quick on em0 proto carp all keep state (no-sync)
pass quick on em1 proto carp all keep state (no-sync)
When I reboot the machine, the states of the CARP interface(s) are being
set correctly, but I don't know how to change them thereafter, as
described above.
The desired target state is to have A + C as a pair of CARP'ed routers
for both IPv4 and IPv6.
What am I doing wrong?
TIA!
Kind regards,
--Toni++