Hi, Thanks for your replies.
carp.preempt is enabled on both firewalls. See this # sysctl -a | grep carp net.inet.carp.allow=1 net.inet.carp.preempt=1 net.inet.carp.log=1 net.inet.carp.arpbalance=0 Here is also the configuration of the carp interfaces FW1 /etc/hostname.carp1 inet 10.10.1.1 255.255.0.0 10.50.255.255 vhid 1 carpdev sis0 /etc/hostname.carp2 inet 67.113.45.130 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 inet alias 67.113.45.131 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 inet alias 67.113.45.132 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 inet alias 67.113.45.133 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 FW2 /etc/hostname.carp1 inet 10.10.1.1 255.255.0.0 10.50.255.255 vhid 1 carpdev sis0 advskew 128 /etc/hostname.carp2 inet 67.113.45.130 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 advskew 128 inet alias 67.113.45.131 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 advskew 128 inet alias 67.113.45.132 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 advskew 128 inet alias 67.113.45.133 255.255.255.224 67.113.45.159 vhid 2 carpdev sis1 advskew 128 Thanks one more time for your help --- On Thu, 8/7/08, Jason Dixon <[EMAIL PROTECTED]> wrote: > From: Jason Dixon <[EMAIL PROTECTED]> > Subject: Re: Problem with carp group failover > To: "Wadner Cadet" <[EMAIL PROTECTED]> > Cc: [email protected] > Date: Thursday, August 7, 2008, 4:28 PM > On Thu, Aug 07, 2008 at 12:40:37PM -0700, Wadner Cadet > wrote: > > Hi, > > I am experiencing an issue with my two OpenBSD > firewalls. I have two carp interfaces (carp1 and carp2). On > carp2, there are 6 ip aliases (external ip addresses). The > two carp interfaces belong to the same carp group. When one > carp interface fails, the other carp interface is not > shifted to fail, which means carp does not fail over as a > group. This created a big problem, one carp interface is > master and the other one is backup on the same host. > > > > Any help will be highly appreciated. > > It sounds like you don't have net.inet.carp.preempt > enabled. We need more > information (read: configs) to help you. > > -- > Jason Dixon > DixonGroup Consulting > http://www.dixongroup.net/
