Hallo!
Thanks for the reply! I am also aware that one popular use of
net.inet.carp.preempt is to control how the computer system as a whole
reacts to errors like one physical interface goes dead.
'man carp' says about net.inet.carp.preempt:
Allow virtual hosts to preempt each other. It is also used to failover
carp interfaces as a group. When the option is enabled and one of the
carp enabled physical interfaces goes down, advskew is changed to 240 on
allcarp interfaces. See also the first example. Disabled by default.
What i was interested in mainly this time is the so to say practical
meaning of the first sentence, in case how pair of carp interfaces in a
carp group behave while .carp.preempt is not set or is set.
I decided to dig a little bit deeper because sometimes i cant predict
events when i add another vlan and carp interface to the running system
(master for that particular carp device appears on the wrong side etc).
It could be easily said to me that if your are so interested use the
source but i am sorri the source is not much help for me, i am more
about just a user.
Imre
Felipe Alfaro Solana wrote:
On Thu, Apr 23, 2009 at 12:05 PM, Imre Oolberg <[email protected]> wrote:
Hallo!
I would like to confirm my understanding of how carp works and if the
following holds generally true.
After having on all participating nodes set to
# sysctl -w net.inet.carp.preempt=0
AFAIK CARP preempt has meaning only in the context of the machine to which
it applies. When CARP preempt is enabled, in a machine with multiple CARP
interfaces, whenever one CARP interface fails over, all other CARP
interfaces in the machine fail over too.
I'm using this on my 2-firewall configuration (active-passive) where each
machine has two CARP interfaces: internal interface and Internet-facing
interface. Whenever one of the interfaces failover, the other does too. This
way, both interfaces are either master or backup, at the same time. This
avoids the case where the internal interface is master and the
Internet-facing interface is backup (or the opposite).
one could change advskew value and actually no carp takeover takes place
automatically until issuing on the becoming master node
# ifconfig carp-interface-name state master
or on becoming backup node
# ifconfig carp-interface-name state backup
After that the carp master and backup change roles.
On the other hand, if all participating nodes are set to
# sysctl -w net.inet.carp.preempt=1
then under similar changes in advskew carp takeover happes automatically
.i.e master and backup change roles and 'state master' or 'state backup'
aint needed to be issued manually. (As merriam-webster says in one case for
preemtive being 'marked by the seizing of the initiative; initiated by
oneself')
Imre
PS The scope of this experiment is takeover within paticular carp group
(practically between two physical interfaceses) and not for all carp groups
as in case with firewall with several physical interfaces.
