Pierre, If I'm not mistaken the vhid on all your carp interfaces are the same value. I would suggest you use a unique value for each group.
>From the man : The Virtual Host ID. This is a unique number that is used to identify the redundancy group to other nodes on the network. Acceptable values are from 1 to 255. I think this is the way to go but I'm not sure. UM "Nonviolence means avoiding not only external physical violence but also internal violence of spirit. You not only refuse to shoot a man, but you refuse to hate him". Rev. Martin Luther King Jr. On Fri, Jun 26, 2009 at 6:31 AM, BARDOU Pierre<bardo...@mipih.fr> wrote: > Hello, > > CARP is configured using a script. Here it is (truncated version) : > > ifconfig carp5 create > ifconfig carp5 vhid 10 advskew $1 pass $PASS 10.31.0.254/16 description "LAN" > > ifconfig carp2 create > ifconfig carp2 vhid 10 advskew $1 pass $PASS 193.57.199.254/24 description "DMZ 1" > > ifconfig carp3 create > ifconfig carp3 vhid 10 advskew $1 pass $PASS 10.193.57.254/24 description "DMZ 2" > > ifconfig carp12 create > ifconfig carp12 vhid 10 advskew $1 pass $PASS 8.8.0.254/24 description "DMZ 3" > > > ifconfig carp13 create > ifconfig carp13 vhid 10 advskew $1 pass $PASS 10.193.70.254/24 description "DMZ 5" > > ifconfig carp4 create > ifconfig carp4 vhid 10 advskew $1 pass $PASS 10.60.0.254/24 description "DMZ Internet" > ifconfig carp4 alias 217.109.108.1/24 > > ifconfig carp14 create > ifconfig carp14 vhid 10 advskew $1 pass $PASS 217.109.xxx.xxx/28 description "Internet" > > > -- > Cordialement, > Pierre BARDOU > > > -----Message d'origine----- > De : uday [mailto:umoorjani....@gmail.com] > Envoyi : vendredi 26 juin 2009 12:21 > @ : BARDOU Pierre > Cc : misc@openbsd.org > Objet : Re: CARP problem : slave rioting > > Can you post configuration files for the carp interfaces ? > > "Nonviolence means avoiding not only external physical violence but > also internal violence of spirit. You not only refuse to shoot a man, > but you refuse to hate him". Rev. Martin Luther King Jr. > > > > On Mon, Jun 22, 2009 at 11:01 AM, BARDOU Pierre<bardo...@mipih.fr> wrote: >> Hello, >> >> I have a setup with 2 openBSD boxes used as firewall, redundancy is made using >> CARP. >> Each has 4 NIC : 1 for internet, 1 for pfsync, and the two last are used as a >> trunk, collecting all other VLANs. >> Master's advskew is 10, slave's is 50. >> All worked like a charm since nearly 2 years, but since 3 weeks I have odd >> problems : >> * on the net interface, the backup becomes master, but the master remains >> master -> Nearly half of the packets are lost >> I did a tcpdump on the slave's interface, carp packets from the master arrive. >> But it remains master ! >> Jun 22 16:42:50.572205 00:00:5e:00:01:0a 01:00:5e:00:00:12 0800 70: >> CARPv2-advertise 36: vhid=10 advbase=1 advskew=10 demote=0 (DF) [tos 0x10] >> Jun 22 16:42:50.748122 00:00:5e:00:01:0a 01:00:5e:00:00:12 0800 70: >> CARPv2-advertise 36: vhid=10 advbase=1 advskew=50 demote=0 (DF) [tos 0x10] >> >> * on my DMZ interface (vlan 4), the carp is in INIT state. By the way, as it >> is part of a trunk, physical connections are good : they work for all other >> VLANs. When I shut down the corresponding carp interface on the slave >> (ifconfig carp4 down), master becomes master again. >> >> Could you give me any clue to keep my master in master state ? >> >> Thank you >> >> -- >> Cordialement, >> >> Pierre BARDOU >> CSIM - Bureau 012 >> >> Midi Picardie Informatique Hospitalihre >> 12 rue Michel Labrousse >> BP93668 >> F-31036 Toulouse CEDEX 1 >> >> Til : 05 67 31 90 84 >> Fax : 05 34 61 51 00 >> Mail : bardo...@mipih.fr
