First, I would like to say hello and greet everyone, as this is my first post here.

I am having strange issues with one of the CARP interfaces.

I have two OpenBSD boxes (fw1, fw2) running as HA firewalls with CARP interfaces in each VLAN.

Both boxes are running on two Linux KVM (Proxmox 4.2) hosts.

One of the CARP interfaces stopped responding to ARP requests for the CARP IP - it's carp1, running on physical dev vio1, which is also running pfsync on top.

It's weird because the rest of carp interfaces behave correctly.

# ifconfig carp1
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:37
        index 18 priority 15 llprio 3
        carp: MASTER carpdev vio1 vhid 55 advbase 1 advskew 0
        groups: carp
        status: master
        inet 10.24.5.1 netmask 0xffffff00 broadcast 10.24.5.255

I've checked the ARP table on the two boxes and there is no entry for carp1.

# arp -an | grep carp
10.24.10.1                           00:00:5e:00:01:02  carp2 permanent  l
10.24.20.1                           00:00:5e:00:01:03  carp3 permanent  l
10.24.21.1                           00:00:5e:00:01:04  carp4 permanent  l
10.24.22.1                           00:00:5e:00:01:05  carp5 permanent  l
10.24.23.1                           00:00:5e:00:01:06  carp6 permanent  l
10.24.24.1                           00:00:5e:00:01:07  carp7 permanent  l
10.24.30.1                           00:00:5e:00:01:08  carp8 permanent  l
10.24.51.1                           00:00:5e:00:01:09  carp9 permanent  l
10.24.52.1                           00:00:5e:00:01:0a carp10 permanent  l
10.24.53.1                           00:00:5e:00:01:0b carp11 permanent  l
10.24.54.1                           00:00:5e:00:01:0c carp12 permanent  l
10.24.55.1                           00:00:5e:00:01:0d carp13 permanent  l
192.168.188.30                       00:00:5e:00:01:1e  carp0 permanent  l

I don't know what could be the cause of that, as the carp interfaces' states seem to be working right (both carp1 and the rest).

What changed:

- upgrade to OpenBSD 6.0-release from 5.8-release (through 5.9)

- new pppoe interface

- ifstated checking on carp1.link, calling pppoe up and reloading pf.conf if master

What I've already checked:

- ifconfig down and up on carp1 does not help

- I don't see anything suspicious in the logs

- tcpdump is showing CARP advertise 36 from master host

- PF is allowing CARP

- VHIDs are different on different carp interfaces, I got no other carp traffic running in this network

- multicasts are running well on physical interfaces (tested with omping on KVM hosts), IGMP snooping is on and IGMP queries are sent from the switch

BTW, this is /etc/sysctl.conf:
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=6
net.inet.ip.forwarding=1
net.inet.ip.redirect=0
kern.bufcachepercent=50

I am out of ideas for now and thinking about rolling back to 5.8.

Waiting for your suggestions on what else could be the problem.
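
The ARP-table check described in the post, as an added example that is not part of the original message: a shell function that compares every carp interface in saved ifconfig output against the local entries in saved arp -an output, and also checks that each lladdr follows the CARP virtual MAC convention 00:00:5e:00:01:<vhid in hex>. The function names, the file names and the carp2 interface block in the sample are assumptions made for illustration.

```sh
# Usage: ifconfig > if.txt; arp -an > arp.txt; carp_arp_check if.txt arp.txt
# Prints one line per inconsistency, nothing when every carp interface checks out.
carp_arp_check() {
    awk '
    FNR == 1 { file++ }                     # file 1: ifconfig, file 2: arp -an
    file == 1 && /^[a-z]+[0-9]+: flags=/ {  # interface header line
        ifc = ($1 ~ /^carp/) ? substr($1, 1, length($1) - 1) : ""
        next
    }
    file == 1 && ifc != "" {
        if ($1 == "lladdr") mac[ifc] = $2
        if ($1 == "inet")   ip[ifc]  = $2
        if ($1 == "carp:")
            for (i = 2; i < NF; i++) if ($i == "vhid") vhid[ifc] = $(i + 1)
    }
    file == 2 { arp_ip[$3] = $1; arp_mac[$3] = $2 }
    END {
        for (c in ip) {
            want = sprintf("00:00:5e:00:01:%02x", vhid[c])  # CARP virtual MAC
            if (mac[c] != want)
                printf "%s: lladdr %s, expected %s\n", c, mac[c], want
            if (!(c in arp_ip))
                printf "%s: no local ARP entry for %s\n", c, ip[c]
            else if (arp_ip[c] != ip[c] || arp_mac[c] != mac[c])
                printf "%s: ARP entry %s %s differs\n", c, arp_ip[c], arp_mac[c]
        }
    }' "$1" "$2" | sort
}
# Sample: carp1 block and ARP lines are from the post; the carp2 block is constructed.
carp_arp_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/if.txt" <<'EOF'
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:37
        carp: MASTER carpdev vio1 vhid 55 advbase 1 advskew 0
        inet 10.24.5.1 netmask 0xffffff00 broadcast 10.24.5.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        carp: MASTER carpdev vio2 vhid 2 advbase 1 advskew 0
        inet 10.24.10.1 netmask 0xffffff00 broadcast 10.24.10.255
EOF
    cat > "$d/arp.txt" <<'EOF'
10.24.10.1                           00:00:5e:00:01:02  carp2 permanent  l
192.168.188.30                       00:00:5e:00:01:1e  carp0 permanent  l
EOF
    carp_arp_check "$d/if.txt" "$d/arp.txt"
    rm -rf "$d"
}
carp_arp_demo
```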
