> -----Original Message-----
> From: Steven Surdock
> Sent: Sunday, September 27, 2009 7:33 PM
> To: Laurent CARON
> Subject: RE: ifstated with carp0
>
> > -----Original Message-----
> > From: Laurent CARON [mailto:[email protected]]
> > Sent: Sunday, September 27, 2009 2:53 PM
> > To: Steven Surdock
> > Subject: Re: ifstated with carp0
> >
> > On 27/09/2009 19:46, Steven Surdock wrote:
> > > Did tcpdump show both firewalls receiving both carp announcements?
> >
> > When FW1 is master it sends carp announcments
> >
> > 1254077435.737232 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70: carp
> > 213.XX.XX.XX > 224.0.0.18: CARPv2-advertise 36: vhid=1 advbase=1
> > advskew=0 demote=0 (DF) [tos 0x10] (ttl 255, id 838, len 56)
> >
> > When FW2 is master it sends carp announcments
> >
> > 1254077515.475785 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70: carp
> > 213.YY.YY.YY > 224.0.0.18: CARPv2-advertise 36: vhid=1 advbase=1
> > advskew=100 demote=0 (DF) [tos 0x10] (ttl 255, id 8880, len 56)
> >
> > Announcments are seen by both peers
>
> Oh, dear. I misread your original post. I thought you were having
issues
> with carp failover, but I see now your issue is with ifstated. Sorry
for the
> noise. What version (OS) are you running and what does 'ifstated
-dvv'
> reveal?
Hmmm... I just upgraded a pair from 4.4 to 4.5 and I think I am having
the same problem you are seeing. Interestingly, I had a problem with
the upgrade a couple days ago and left ifstated running. It
transitioned, but not when I expected.
FORCE FAILOVER
Sep 25 13:56:31 fw2 /bsd: carp1: state transition: MASTER -> BACKUP
Sep 25 13:56:31 fw2 /bsd: carp0: state transition: MASTER -> BACKUP
Sep 25 13:56:31 fw2 /bsd: carp10: state transition: MASTER -> BACKUP
Sep 25 13:56:31 fw2 /bsd: carp11: state transition: MASTER -> BACKUP
Sep 25 13:56:31 fw2 /bsd: carp12: state transition: MASTER -> BACKUP
Sep 25 13:56:33 fw2 /bsd: carp5: state transition: MASTER -> BACKUP
Sep 25 13:56:33 fw2 /bsd: carp4: state transition: MASTER -> BACKUP
Sep 25 13:56:49 fw2 /bsd: carp2: state transition: MASTER -> BACKUP
Sep 25 13:56:51 fw2 /bsd: carp6: state transition: MASTER -> BACKUP
Sep 25 13:56:53 fw2 /bsd: carp8: state transition: MASTER -> BACKUP
Sep 25 13:56:53 fw2 /bsd: carp7: state transition: MASTER -> BACKUP
Sep 25 13:56:53 fw2 /bsd: carp9: state transition: MASTER -> BACKUP
...
NO IDEA WHAT CAUSED THIS (LOCAL LAN)
Sep 26 14:18:32 fw2 /bsd: carp2: state transition: BACKUP -> MASTER
Sep 26 14:19:03 fw2 /bsd: carp2: state transition: MASTER -> BACKUP
Sep 27 11:39:55 fw2 /bsd: carp2: state transition: BACKUP -> MASTER
Sep 27 11:40:27 fw2 /bsd: carp2: state transition: MASTER -> BACKUP
...
HERE IS IFSTATED DETECTING THE FAILOVER, WHICH SHOULD HAVE HAPPENED ON
SEP 25, BUT DIDN'T
Sep 26 14:19:03 fw2 ifstated[16189]: changing state to normal
Sep 26 14:19:03 fw2 ifstated[16189]: running date|mail -s 'FW2 is now
the backup firewall' root
---/etc/ifstated.conf---
primary = "carp0.link.up && carp10.link.up && carp11.link.up"
backup = "carp0.link.down && carp10.link.down && carp11.link.down"
state auto {
init {
run "sleep 30"
}
if $primary
set-state failover
if $backup
set-state normal
}
state failover {
init {
run "date|mail -s 'FW2 is now the primary firewall'
root"
}
if $backup
set-state normal
}
state normal {
init {
run "date|mail -s 'FW2 is now the backup firewall' root"
}
if $primary
set-state failover
}
-Steve S.
