On Tue, Nov 10, 2009 at 7:25 PM, Otto Moerbeek <[email protected]> wrote:

> On Tue, Nov 10, 2009 at 06:36:24PM +1100, Mikel Lindsaar wrote:
>
> > > Shouldn't you run different vhid ID of carp on different carp instance.
> > > Here you have Carp0 and carp 1 both running with vhid 1, so how will the
> > > system see them as different one?
> >
> > Initially I had them running as different VHIDs.  carp0 was vhid 1 and carp1
> > was vhid 2, however, this did not work either... plus I would get unknown
> > vhid errors in the netstat -s -p pfsync output if I had different vhids.
> >
> > Mikel
>
> Then you did something else wrong, like forgetting to change them on
> both hosts. Different carp interfaces should have different vhids.
> Also, a common error is to have (slightly) different IPs, netmasks or
> aliases on the carp interfaces for the two hosts.


Not disputing the fact that I have done something wrong, but perhaps my
reply should have been more succinct, in that:

I tried with different VHIDs and the error was the same, i.e., CARP still
worked, however it did not increase the advskew on all carp interfaces on
the same host when one carp interface was taken off line, preventing the
backup firewall from preempting all interfaces.

To clarify, CARP is working in terms of redundancy; what does not seem to be
working is the preempting of the primary firewall interfaces by the backup
firewall should _one_ of the primary interfaces be taken off line.

I returned the interfaces to carp0 = VHID 1 and carp1 = VHID 2 on both
firewalls... still the same preempting problem.

Mikel
