On 12/31/05, ed <[EMAIL PROTECTED]> wrote:
> On Thu, 29 Dec 2005 14:41:38 +0100
> Marcin Miksowski <[EMAIL PROTECTED]> wrote:
>
> > Is there any solution to resolve my problems with carp? If there is
> > necessary to show You more informations on my current configuration I
> > will do everything what I only can.
>
> From experience CARP can behave odly if you have differing
> configurations, neither knows which should be master, try and avoid
> having differences between the primary and secondary CARP boxes.
Thanks for your reply.
I have double check my configurations, and I don't see any
differences. pf.conf is identical on both firewalls, and all of
/etc/hostname.carp* also.
fw1:
# ls -l /etc/hostname.carp* | wc -l
48
# cat /etc/hostname.carp0
inet 192.168.0.5 255.255.255.0 192.168.0.255 vhid 1 carpdev em1
advskew 1 pass 31337
# cat /etc/hostname.carp1
inet 111.111.111.13 255.255.255.0 111.111.111.255 vhid 2 carpdev em0
advskew 1 pass 31337
# cat /etc/hostname.carp2
inet 111.111.111.14 255.255.255.0 111.111.111.255 vhid 3 carpdev em0
advskew 1 pass 31337
# cat /etc/hostname.carp3
inet 111.111.111.16 255.255.255.0 111.111.111.255 vhid 4 carpdev em0
advskew 1 pass 31337
fw2:
# ls -l /etc/hostname.carp* | wc -l
48
# cat /etc/hostname.carp0
inet 192.168.0.5 255.255.255.0 192.168.0.255 vhid 1 carpdev em1
advskew 240 pass 31337
# cat /etc/hostname.carp1
inet 111.111.111.13 255.255.255.0 111.111.111.255 vhid 2 carpdev em0
advskew 240 pass 31337
# cat /etc/hostname.carp2
inet 111.111.111.14 255.255.255.0 111.111.111.255 vhid 3 carpdev em0
advskew 240 pass 31337
# cat /etc/hostname.carp3
inet 111.111.111.16 255.255.255.0 111.111.111.255 vhid 4 carpdev em0
advskew 240 pass 31337
similarly on other carp interfaces. Now, only for test purposes I have
set same password on all carp interfaces.
Maybe can I dump traffic on my carp intefaces with tcpdump and show You?
I have tried almoust everything, and I don't have any ideas what can
by wrong with my configuration. I have tried ifstated also with bad
results. On fw2 few carp interfaces are in BACKUP state which is ok,
but most of them are in MASTER state. In the same time, on fw1 all
carp interfaces are in MASTER state.
And why I have such huge amount of packets with "discarded for bad
vhid" and with "failed state lookup/inserts"?
carp:
26372251 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for bad interface
0 packets discarded for wrong TTL
0 packets shorter than header
0 discarded for bad checksums
0 discarded packets with a bad version
0 discarded because packet too short
0 discarded for bad authentication
19121070 discarded for bad vhid
0 discarded because of a bad address list
9677959 packets sent (IPv4)
0 packets sent (IPv6)
0 send failed due to mbuf memory error
pfsync:
100204 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for bad interface
0 packets discarded for bad ttl
0 packets shorter than header
0 packets discarded for bad version
0 packets discarded for bad HMAC
0 packets discarded for bad action
0 packets discarded for short packet
0 states discarded for bad values
0 stale states
70846 failed state lookup/inserts
1074144 packets sent (IPv4)
0 packets sent (IPv6)
0 send failed due to mbuf memory error
716310 send error
I will appreciate any help.
best regards,
Marcin Miksowski
