Re: [pfSense-discussion] wan interface failed causing carp failover
Oh, you will have to reboot after mucking with preempt settings and BOTH boxes have to have it set. --Bill On 8/27/05, Bill Marquette [EMAIL PROTECTED] wrote: Per 'man carp' net.inet.carp.preempt Allow virtual hosts to preempt each other. It is also used to failover carp interfaces as a group. When the option is enabled and one of the carp enabled physical interfaces goes down, advskew is changed to 240 on all carp interfaces. See also the first example. Disabled by default. --Bill On 8/27/05, Matthew Lenz [EMAIL PROTECTED] wrote: Scott mentioned that functionality required ifdepd .. preempt results in the same behavior? - Original Message - From: Bill Marquette [EMAIL PROTECTED] To: Matthew Lenz [EMAIL PROTECTED] Cc: discussion@pfsense.com Sent: Friday, August 26, 2005 7:00 PM Subject: Re: [pfSense-discussion] wan interface failed causing carp failover That's why a single interface failure didn't fail the whole box over then. --Bill On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: not currently no. Mainly cuz I have two firewalls I need to test new versions of pfsense before I can fail it over and upgrade the current MASTER for all the carp interfaces. Once I have everything production ready i'll probably enable preempt again. On Fri, 2005-08-26 at 15:03 -0500, Bill Marquette wrote: Are you using pre-empt? --Bill On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: I had an interesting thing happen today. The watchdog (atleast thats what the system log called it) on my WAN interface reset the WAN interface (any idea why that would have happened?) which caused all my outbound NAT to longer work. All my private gw (LAN/OPT*) carp interfaces/ips were still MASTER on fw0 but the the public (WAN) carp interface/ip to which I bound all my outbound NAT failed over to fw1. Should this have continued to function? It didn't. I had to disable carp on fw1 to let it the public carp interface fail back to fw0 (where all the other private carp interfaces were still MASTER). It almost seems that all the carp interfaces/ips need to failover if one of them goes down. Am I missing something? I'm sure I must be.
Re: [pfSense-discussion] wan interface failed causing carp failover
On 8/27/05, Bill Marquette [EMAIL PROTECTED] wrote: Oh, you will have to reboot after mucking with preempt settings and BOTH boxes have to have it set. Not on recent versions. I changed the CARP settings screen to call both of our carp functions which should set the preempt. Scott
Re: [pfSense-discussion] wan interface failed causing carp failover
On 8/27/05, Scott Ullrich [EMAIL PROTECTED] wrote: On 8/27/05, Bill Marquette [EMAIL PROTECTED] wrote: Oh, you will have to reboot after mucking with preempt settings and BOTH boxes have to have it set. Not on recent versions. I changed the CARP settings screen to call both of our carp functions which should set the preempt. If it works, great. I thought this was a FreeBSD issue though. If it's not working, try rebooting :) --Bill
Re: [pfSense-discussion] wan interface failed causing carp failover
On Fri, 2005-08-26 at 01:50 -0400, Chris Buechler wrote: On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: The watchdog (atleast thats what the system log called it) on my WAN interface reset the WAN interface (any idea why that would have happened?) various reasons. I have some Broadcom gig NIC's (bge) onboard on Dell 2550 servers that like to do this periodically for no apparent reason. Takes the NIC down for a minute or two, and only happens maybe once a week if that, which isn't a big deal for these particular servers so I haven't taken the time to look into it much yet. Seems to be a driver bug from the initial research I've done. The best I've found in most situations is people saying well, I gave up and dumped the bge card for an Intel and it's working fine. Found one account of somebody that had access to the source code for the Windows driver and talked about how there were so many work arounds in it for bge hardware issues it wasn't even funny. They seem to be solid on Windows though, so I don't know... anyway...What kind of NIC is it? I'll give you one guess. :/ (hint: you just talked about it in the previous paragraph) as for the rest, I'll leave that to somebody who knows about the CARP implementation. -cmb
Re: [pfSense-discussion] wan interface failed causing carp failover
Intel Intel Intel Intel. Really, use Intel. On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: On Fri, 2005-08-26 at 01:50 -0400, Chris Buechler wrote: On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: The watchdog (atleast thats what the system log called it) on my WAN interface reset the WAN interface (any idea why that would have happened?) various reasons. I have some Broadcom gig NIC's (bge) onboard on Dell 2550 servers that like to do this periodically for no apparent reason. Takes the NIC down for a minute or two, and only happens maybe once a week if that, which isn't a big deal for these particular servers so I haven't taken the time to look into it much yet. Seems to be a driver bug from the initial research I've done. The best I've found in most situations is people saying well, I gave up and dumped the bge card for an Intel and it's working fine. Found one account of somebody that had access to the source code for the Windows driver and talked about how there were so many work arounds in it for bge hardware issues it wasn't even funny. They seem to be solid on Windows though, so I don't know... anyway...What kind of NIC is it? I'll give you one guess. :/ (hint: you just talked about it in the previous paragraph) as for the rest, I'll leave that to somebody who knows about the CARP implementation. -cmb
Re: [pfSense-discussion] wan interface failed causing carp failover
I think it _might_ be because that bge0 is sharing an irq with one of the usb controllers. I'm going to disable as much of the onboard stuff as possible that I have no intention of using. (usb is one of them) On Fri, 2005-08-26 at 10:11 -0400, Scott Ullrich wrote: Intel Intel Intel Intel. Really, use Intel. On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: On Fri, 2005-08-26 at 01:50 -0400, Chris Buechler wrote: On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: The watchdog (atleast thats what the system log called it) on my WAN interface reset the WAN interface (any idea why that would have happened?) various reasons. I have some Broadcom gig NIC's (bge) onboard on Dell 2550 servers that like to do this periodically for no apparent reason. Takes the NIC down for a minute or two, and only happens maybe once a week if that, which isn't a big deal for these particular servers so I haven't taken the time to look into it much yet. Seems to be a driver bug from the initial research I've done. The best I've found in most situations is people saying well, I gave up and dumped the bge card for an Intel and it's working fine. Found one account of somebody that had access to the source code for the Windows driver and talked about how there were so many work arounds in it for bge hardware issues it wasn't even funny. They seem to be solid on Windows though, so I don't know... anyway...What kind of NIC is it? I'll give you one guess. :/ (hint: you just talked about it in the previous paragraph) as for the rest, I'll leave that to somebody who knows about the CARP implementation. -cmb
Re: [pfSense-discussion] wan interface failed causing carp failover
not currently no. Mainly cuz I have two firewalls I need to test new versions of pfsense before I can fail it over and upgrade the current MASTER for all the carp interfaces. Once I have everything production ready i'll probably enable preempt again. On Fri, 2005-08-26 at 15:03 -0500, Bill Marquette wrote: Are you using pre-empt? --Bill On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: I had an interesting thing happen today. The watchdog (atleast thats what the system log called it) on my WAN interface reset the WAN interface (any idea why that would have happened?) which caused all my outbound NAT to longer work. All my private gw (LAN/OPT*) carp interfaces/ips were still MASTER on fw0 but the the public (WAN) carp interface/ip to which I bound all my outbound NAT failed over to fw1. Should this have continued to function? It didn't. I had to disable carp on fw1 to let it the public carp interface fail back to fw0 (where all the other private carp interfaces were still MASTER). It almost seems that all the carp interfaces/ips need to failover if one of them goes down. Am I missing something? I'm sure I must be.
Re: [pfSense-discussion] wan interface failed causing carp failover
Scott mentioned that functionality required ifdepd .. preempt results in the same behavior? - Original Message - From: Bill Marquette [EMAIL PROTECTED] To: Matthew Lenz [EMAIL PROTECTED] Cc: discussion@pfsense.com Sent: Friday, August 26, 2005 7:00 PM Subject: Re: [pfSense-discussion] wan interface failed causing carp failover That's why a single interface failure didn't fail the whole box over then. --Bill On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: not currently no. Mainly cuz I have two firewalls I need to test new versions of pfsense before I can fail it over and upgrade the current MASTER for all the carp interfaces. Once I have everything production ready i'll probably enable preempt again. On Fri, 2005-08-26 at 15:03 -0500, Bill Marquette wrote: Are you using pre-empt? --Bill On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: I had an interesting thing happen today. The watchdog (atleast thats what the system log called it) on my WAN interface reset the WAN interface (any idea why that would have happened?) which caused all my outbound NAT to longer work. All my private gw (LAN/OPT*) carp interfaces/ips were still MASTER on fw0 but the the public (WAN) carp interface/ip to which I bound all my outbound NAT failed over to fw1. Should this have continued to function? It didn't. I had to disable carp on fw1 to let it the public carp interface fail back to fw0 (where all the other private carp interfaces were still MASTER). It almost seems that all the carp interfaces/ips need to failover if one of them goes down. Am I missing something? I'm sure I must be.
[pfSense-discussion] wan interface failed causing carp failover
I had an interesting thing happen today. The watchdog (atleast thats what the system log called it) on my WAN interface reset the WAN interface (any idea why that would have happened?) which caused all my outbound NAT to longer work. All my private gw (LAN/OPT*) carp interfaces/ips were still MASTER on fw0 but the the public (WAN) carp interface/ip to which I bound all my outbound NAT failed over to fw1. Should this have continued to function? It didn't. I had to disable carp on fw1 to let it the public carp interface fail back to fw0 (where all the other private carp interfaces were still MASTER). It almost seems that all the carp interfaces/ips need to failover if one of them goes down. Am I missing something? I'm sure I must be.
Re: [pfSense-discussion] wan interface failed causing carp failover
On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote: The watchdog (atleast thats what the system log called it) on my WAN interface reset the WAN interface (any idea why that would have happened?) various reasons. I have some Broadcom gig NIC's (bge) onboard on Dell 2550 servers that like to do this periodically for no apparent reason. Takes the NIC down for a minute or two, and only happens maybe once a week if that, which isn't a big deal for these particular servers so I haven't taken the time to look into it much yet. Seems to be a driver bug from the initial research I've done. The best I've found in most situations is people saying well, I gave up and dumped the bge card for an Intel and it's working fine. Found one account of somebody that had access to the source code for the Windows driver and talked about how there were so many work arounds in it for bge hardware issues it wasn't even funny. They seem to be solid on Windows though, so I don't know... anyway...What kind of NIC is it? as for the rest, I'll leave that to somebody who knows about the CARP implementation. -cmb