Hello All:

I had posted this question about a month ago, but I've added some trace
data that I hope will help the gurus see what's going on (because I'm
stumped). Here's the breakdown:

1) Two PF boxes running in failover mode
2) Reboot MASTER
3) TCP connections established through the active PF box before the
   reboot die, although the connection shows up on both boxes (see trace
   below)
4) New connections work perfectly.

So, the problem is with established sessions transferring from the
MASTER to the new MASTER upon failover.

Here's the output from 'pfctl -vvss'.

MASTER
-------
self tcp 10.211.100.110:110 <- x.x.x.164:110 <- x.x.x.98:52857       ESTABLISHED:ESTABLISHED
   [526026435 + 65535] wscale 1  [2600240610 + 65665] wscale 0
   age 00:00:03, expires in 04:59:57, 3:2 pkts, 168:154 bytes, rule 9
   id: 45c3ac4500000080 creatorid: 70b9fa06
self tcp x.x.x.98:52857 -> 10.211.100.110:110       ESTABLISHED:ESTABLISHED
   [2600240610 + 65665] wscale 0  [526026435 + 65535] wscale 1
   age 00:00:03, expires in 04:59:57, 3:2 pkts, 168:154 bytes
   id: 45c3ac4500000081 creatorid: 70b9fa06

BACKUP
-------
self tcp 10.211.100.110:110 <- x.x.x.164:110 <- x.x.x.98:52857       ESTABLISHED:ESTABLISHED
   [526026435 + 65535] wscale 1  [2600240610 + 65665] wscale 0
   age 00:00:27, expires in 04:59:51, 0:0 pkts, 0:0 bytes
   id: 45c3ac4500000080 creatorid: 70b9fa06
self tcp x.x.x.98:52857 -> 10.211.100.110:110       ESTABLISHED:ESTABLISHED
   [2600240610 + 65665] wscale 0  [526026435 + 65535] wscale 1
   age 00:00:27, expires in 04:59:51, 0:0 pkts, 0:0 bytes
   id: 45c3ac4500000081 creatorid: 70b9fa06

I ran pfctl -xm and the only output is:

Feb 2 14:04:00 mailnat-01 kernel: arp_rtrequest: bad gateway 10.211.100.254 (!AF_LINK)
Feb 2 14:04:00 mailnat-01 kernel: arp_rtrequest: bad gateway x.x.x.164 (!AF_LINK)
Feb 2 14:04:11 mailnat-01 kernel: em3: link state changed to DOWN
Feb 2 14:04:13 mailnat-01 kernel: em3: link state changed to UP

Where em3 is the PFSYNC Interface.

Here's the ifconfig from one of the boxes. The second looks identical
except the interface addresses are different (of course).

em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet x.x.x.165 netmask 0xfffffff0 broadcast x.x.x.175
        ether 00:04:23:d2:85:79
        media: Ethernet autoselect (1000baseSX <full-duplex>)
        status: active
em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 10.211.100.1 netmask 0xffff0000 broadcast 10.211.255.255
        ether 00:30:48:89:92:0e
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 172.16.1.1 netmask 0xffffff00 broadcast 172.16.1.255
        ether 00:30:48:89:92:0f
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
pfsync0: flags=41<UP,RUNNING> mtu 1348
        pfsync: syncdev: em3 syncpeer: 172.16.1.2 maxupd: 128
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet x.x.x.164 netmask 0xfffffff0
        carp: MASTER vhid 1 advbase 1 advskew 0
carp2: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 10.211.100.254 netmask 0xffff0000
        carp: MASTER vhid 2 advbase 1 advskew 0

Thanks,
Mike
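
An added example, not part of the original post: a Python script that parses 'pfctl -vvss' output captured on both boxes and lists states that are missing on the BACKUP or whose TCP state or sequence numbers differ from the MASTER. The sample input is the trace from the post with wrapped lines joined; the function names are this example's own.

```python
import re
# Sample input: the trace from the post, wrapped lines joined.
MASTER = """\
self tcp 10.211.100.110:110 <- x.x.x.164:110 <- x.x.x.98:52857 ESTABLISHED:ESTABLISHED
   [526026435 + 65535] wscale 1 [2600240610 + 65665] wscale 0
   age 00:00:03, expires in 04:59:57, 3:2 pkts, 168:154 bytes, rule 9
   id: 45c3ac4500000080 creatorid: 70b9fa06
self tcp x.x.x.98:52857 -> 10.211.100.110:110 ESTABLISHED:ESTABLISHED
   [2600240610 + 65665] wscale 0 [526026435 + 65535] wscale 1
   age 00:00:03, expires in 04:59:57, 3:2 pkts, 168:154 bytes
   id: 45c3ac4500000081 creatorid: 70b9fa06
"""
BACKUP = """\
self tcp 10.211.100.110:110 <- x.x.x.164:110 <- x.x.x.98:52857 ESTABLISHED:ESTABLISHED
   [526026435 + 65535] wscale 1 [2600240610 + 65665] wscale 0
   age 00:00:27, expires in 04:59:51, 0:0 pkts, 0:0 bytes
   id: 45c3ac4500000080 creatorid: 70b9fa06
self tcp x.x.x.98:52857 -> 10.211.100.110:110 ESTABLISHED:ESTABLISHED
   [2600240610 + 65665] wscale 0 [526026435 + 65535] wscale 1
   age 00:00:27, expires in 04:59:51, 0:0 pkts, 0:0 bytes
   id: 45c3ac4500000081 creatorid: 70b9fa06
"""
# A state record ends at its "id: ... creatorid: ..." line.
STATE_RE = re.compile(r"(.*?)\bid:\s*(\w+)\s+creatorid:\s*(\w+)", re.S)
SEQ_RE = re.compile(r"\[(\d+) \+ \d+\]")
PKTS_RE = re.compile(r"(\d+):(\d+) pkts")
TCP_RE = re.compile(r"[A-Z][A-Z_0-9]*:[A-Z][A-Z_0-9]*")

def parse_states(text):
    """Map (state id, creatorid) -> TCP state, sequence numbers, packet counters."""
    states = {}
    for body, sid, creator in STATE_RE.findall(text):
        pk, st = PKTS_RE.search(body), TCP_RE.search(body)
        states[(sid, creator)] = {
            "tcp_state": st.group(0) if st else None,
            "seq": tuple(int(s) for s in SEQ_RE.findall(body)),
            "pkts": (int(pk.group(1)), int(pk.group(2))) if pk else None,
        }
    return states

def compare(master_text, backup_text):
    """Report states the backup lacks, or holds with different state/sequence data."""
    m, b = parse_states(master_text), parse_states(backup_text)
    same = lambda k: (m[k]["tcp_state"], m[k]["seq"]) == (b[k]["tcp_state"], b[k]["seq"])
    return {
        "missing_on_backup": sorted(k[0] for k in m.keys() - b.keys()),
        "mismatch": sorted(k[0] for k in m.keys() & b.keys() if not same(k)),
    }
if __name__ == "__main__":
    print(compare(MASTER, BACKUP))
```

On the trace from the post both lists come back empty: the BACKUP holds both states with the same ids, TCP state and sequence numbers as the MASTER, and only the packet counters (0:0) differ.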