On Wed, Jun 20, 2018 at 07:57:17PM +0200, Henrik Dige Semark wrote: > Hey everybody, > > I'm experiencing problems with CARP after upgrading to 6.3, it was working > fine between my two servers in 6.2 but after upgrading (first backup and > then master) I have a ping package loss on about 20%. > > It seem like the backup server tries to take the master, cause it's the > only one changing the states. When it changes state the symptoms is: > one package is dropped (ping), and it switches back to backup. I haven't > changed anything, carp-config or PF, except the upgrade to 6.3. > > It works if i shutdown the master, then Backup takes over fine and gives > back to master when it gets up, but when it's just running in backup, it > switches back and fourth. > > I have tried tcpdumping and looking at my pfsync0 but I can't find the > problem. I have tried to write my CARP settings again in hostname.carp* > on both servers, check if pfsync0 is on the same interface and IP-range > on both servers, checked my PF and everything, but can't find the problem... > > It does it across all 6 CARP's, so it looks like it's missing a hardbeat > or something once in a while. > > I also tried switching from multicast to unicast, in case my ISP (running > Juniper equipment) have activated something on the WAN side, but it didn't > change my experience - but since it also happens on my LAN I didn't really > expect this to be the problem. > > # Server 1 > My /etc/hostname.* for CARP's and pfsync + host adaptor: > https://pastebin.com/vrtuPqnQ > My /etc/pf.conf: https://pastebin.com/yhVkG4x4 > > # Server 2 > My /etc/hostname.* for CARP's and pfsync + host adaptor: > https://pastebin.com/a7fuM923 > My /etc/pf.conf: https://pastebin.com/xNr1TtZ7 > > Any help or pointers would be fantastic. > I have struggled with this for a week now and I'm running out of idears - > the only solution I have right now is turning off the backup server. > > $ uname -a > OpenBSD BSD-firewall01.static.semarkit.net 6.3 GENERIC.MP#107 amd64 > > Both servers is running on a KVM host running Debian Stretch with ZFS-for- > Linux and they haven't been touched either since it got installed, neither > before, under or after the problems started. > > em0 is passed through the host and running all the VLAN and CARP things, > while em1 (pfsync0) is a crossed connection between the two host servers > not connected to the outside world or switch. > > If you need any other information on anything in the setup, please feel > free to ask, I'm really annoyed by this, since it has worked and now it > don't, and I can't figure out why or what I have missed. > > The only thing I haven't tried yet is to install a couple of new server > and reproduce the problem. > > Sorry for a really long post! > And to the people receiving this message for the second time, I'm really > sorry to, but had some problems with my DMARC settings. > > -- Med Venlig Hilsen / Best Regards Henrik Dige Semark
> Just a quick thought as em devices are emulated on kvm did you try disableling hw offloading on the interfaces? I had some similair issue with a vps pings seem to work but other traffic had drops. Regards Robert
