Hi, I have some problems with carp and vlans, at least I think so. I found this: http://archives.neohapsis.com/archives/openbsd/cvs/2005-04/0996.html so my assumption may be wrong, as I use openbsd 3.8.
I have four physical interfaces in my two firewalls, one for pfsync, one to the Internet, DMZ and LAN. At the LAN interface seven VLAN interfaces are configured. The Internet and DMZ interfaces are on em(4) and the pfsync and LAN vlans on a bge(4) interface. When I remove one of the Internet or DMZ cables, all Interfaces on both firewalls behave as expected, the Interface where the cable is removed, goes to state INIT, the others become backup. When I do this with the LAN interface, then all carp interfaces for the seven vlans go to master state, but the two remaining carp interfaces for the Internet and DMZ stay in backup mode. my configuration on both hosts: net.inet.carp.preempt=1 net.inet.carp.allow=1 net.inet.carp.arpbalance=0 hostname.carp0 !ifconfig em0 up vhid 1 carpdev em0 172.16.0.1 172.16.0.255 netmask 255.255.255.0 up hostname.carp1 !ifconfig em1 up vhid 1 carpdev em1 172.16.1.1 172.16.1.255 netmask 255.255.255.0 up hostname.carp2 !ifconfig bge0 up !ifconfig vlan0 create !ifconfig vlan0 vlan 3 vlandev bge0 up vhid 1 carpdev vlan0 192.168.0.1 192.168.1.255 netmask 255.255.254.0 up hostname.carp3 up to hostname.carp9 (only the vlan interface numbers and ip addresses are different) !ifconfig vlan1 create !ifconfig vlan1 vlan 4 vlandev bge0 up vhid 1 carpdev vlan0 192.168.2.1 192.168.3.255 netmask 255.255.254.0 up I also tried to use the em interfaces for the vlan devices, with the same result, the interfaces do not stay in sync. assume the following: i remove a cable from the backup host from the carp interfaces, doesn't matter which one. The carp interface goes into init state, then i plug it back in, and the interface goes into backup state. but with a chance of about 1 of 5 the interface changes its state from backup to master, but the other interfaces stay in backup mode. The second host has all interfaces as master but the one as backup where at the first host the corresponding interface is in master mode. I also tried with different vhid's on all interfaces, but with no different results. Anybody knows how to keep the carp interfaces on the vlan devices in same state with the carp interfaces bound to the physical interfaces? Any hint would be greatly appreciated. lars -- Echte DSL-Flatrate dauerhaft f|r 0,- Euro*! "Feel free" mit GMX DSL! http://www.gmx.net/de/go/dsl
