On Mon, Apr 23, 2012 at 11:49:14AM -0700, Kyle Lanclos wrote:

> Where this presents a problem is if the current CARP master loses a single
> network interface (cable unplugged, isolated hardware failure, sysadmin
> failure, etc.), as opposed to the CARP master failing entirely. The slave
> will appropriately assume the master role for one CARP interface, but will
> *not* do so for the second.

Yes, it will:

     net.inet.carp.preempt    Allow virtual hosts to preempt each other.
                              It is also used to failover carp interfaces
                              as a group. When the option is enabled and
                              one of the carp enabled physical interfaces
                              goes down, advskew is changed to 240 on all
                              carp interfaces. See also the first example.
                              Disabled by default.

(i.e. this single sysctl knob enables both group failover and failback)

This covers link state change (unplugged cable) as well as administrative
down of the physical interface. It does not cover the case where the link
remains up, but the uplink switch stops forwarding, for instance, but...

> We would like our otherwise nicely redundant firewall configuration to be
> resilient against this type of failure. Short of running a cron job every
> sixty seconds to check the interface state, is there some way we can
> automatically force the promotion of a CARP slave if a second CARP interface
> flips from slave to master?

.. see ifstated(8), which can ping uplink hops and issue ifconfig advskew
changes to demote the master when appropriate.

Daniel
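
Added example, not part of the original message: one ifstated.conf that does what the reply above describes, probing an uplink hop on each side and demoting both CARP interfaces together when either probe fails. The interface names (carp0, carp1), the probed addresses, the probe interval and the normal advskew of 10 are assumptions; the peer must advertise with an advskew below 240 for it to take over.

```conf
# /etc/ifstated.conf (constructed example; interface names, addresses and
# advskew values are assumptions, not taken from the thread)
#
# net.inet.carp.preempt=1 in sysctl.conf already handles link-down and
# administrative-down. This file covers the remaining case: the link is
# up, but the next hop on either side no longer answers.

init-state probing

# One probe per physical side of the firewall. 192.0.2.1 and 198.51.100.1
# are documentation addresses standing in for the real uplink hops.
# Add your platform's ping timeout flag so a dead hop fails quickly.
outside_ok = '( "ping -q -c 1 192.0.2.1 > /dev/null" every 10 )'
inside_ok  = '( "ping -q -c 1 198.51.100.1 > /dev/null" every 10 )'

state probing {
	if $outside_ok && $inside_ok
		set-state healthy
	if ! $outside_ok || ! $inside_ok
		set-state demoted
}

state healthy {
	init {
		# Normal advertisement skew for this host (assumed value).
		run "ifconfig carp0 advskew 10"
		run "ifconfig carp1 advskew 10"
	}
	if ! $outside_ok || ! $inside_ok
		set-state demoted
}

state demoted {
	init {
		# Demote both CARP interfaces together so the peer takes over
		# as a group; 240 mirrors the value preempt applies on link loss.
		run "ifconfig carp0 advskew 240"
		run "ifconfig carp1 advskew 240"
	}
	if $outside_ok && $inside_ok
		set-state healthy
}
```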