Re: CARP - Active/Active question
Tried to play a bit with this setup? Like, shutting down fw1 and see what happens? Ping from client-side and tcpdump on both machines??? NO?! You should.

//mxb

On 15 Oct 2012, at 11:33, Indunil Jayasooriya induni...@gmail.com wrote:

> Hi list,
>
> I configured CARP - Active/Active. ( Things work )
>
> I have a question. When both are Active/Active, both should work
> simultaneously by balancing traffic. Am I right?
>
> But, ifconfig on fw1 says, *status: master* and ifconfig on fw2 says,
> *status: backup*
>
> Pls see the output of both fw1 and fw2
>
> *on fw1*
>
> carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 01:00:5e:00:01:01
>         priority: 0
>         carp: carpdev em0 advbase 1 balancing ip
>                 *state MASTER vhid 1 advskew 0
>                 state BACKUP vhid 2 advskew 100*
>         groups: carp
>         *status: master*
>         inet6 fe80::a00:27ff:fe05:3294%carp1 prefixlen 64 scopeid 0x7
>         inet 192.168.0.100 netmask 0xff00 broadcast 192.168.0.255
>
> *on fw2*
>
> carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 01:00:5e:00:01:01
>         priority: 0
>         carp: carpdev em0 advbase 1 balancing ip
>                 *state BACKUP vhid 1 advskew 100
>                 state MASTER vhid 2 advskew 0*
>         groups: carp
>         *status: backup*
>         inet6 fe80::a00:27ff:fe14:3690%carp1 prefixlen 64 scopeid 0x7
>         inet 192.168.0.100 netmask 0xff00 broadcast 192.168.0.255
>
> Why is that?
>
> When *status is master and backup*, do these 2 nodes ( fw1 and fw2 ) work
> simultaneously by balancing traffic? And when one node goes down, does all 100%
> of the traffic go via the running node?
>
> That's what I want to achieve. Pls let me know.
>
> Here's the HOW TO, I performed.
>
> CARP - Active/Active configuration ( CARP, pfsync, PF and relayd )
>
>     +-----+          +-----+
>     | fw1 |-em1--em1-| fw2 |
>     +-----+          +-----+
>     em0|                |em0
>        |                |
>     ---+---Shared LAN---+---
>
> fw1
> em0 - 192.168.0.10
> em1 - 192.168.9.67 ( for pfsync )
>
> fw2
> em0 - 192.168.0.11
> em1 - 192.168.9.68 ( for pfsync )
>
> carp1 - LAN shared IP: 192.168.0.100
>
> on fw1
>
> # hostname
> fw1.example.com
> # cat /etc/hostname.em0
> inet 192.168.0.10 255.255.255.0
> # cat /etc/hostname.em1
> inet 192.168.9.67 255.255.255.0
>
> on fw2
>
> # hostname
> fw2.example.com
> # cat /etc/hostname.em0
> inet 192.168.0.11 255.255.255.0
> # cat /etc/hostname.em1
> inet 192.168.9.68 255.255.255.0
>
> net.inet.ip.forwarding=1 in /etc/sysctl.conf on both fw1 and fw2 with below
> command
>
> sysctl -w net.inet.ip.forwarding=1
>
> Edit net.inet.ip.forwarding=1 in /etc/sysctl.conf file in this way
>
> # less /etc/sysctl.conf |grep net.inet.ip.forwarding=1
> net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
>
> Configure fw1:
>
> ! enable preemption and group interface failover
> # sysctl -w net.inet.carp.preempt=1
>
> Uncomment net.inet.carp.preempt=1 in /etc/sysctl.conf in this way
>
> # less /etc/sysctl.conf |grep net.inet.carp.preempt=1
> net.inet.carp.preempt=1         # 1=Enable carp(4) preemption
>
> ! configure pfsync
> # ifconfig em1 192.168.9.67 netmask 255.255.255.0
> # ifconfig pfsync0 syncdev em1
> # ifconfig pfsync0 up
>
> ! configure CARP on the LAN side
> # ifconfig carp1 create
> # ifconfig carp1 192.168.0.100/24 carpnodes 1:0,2:100 balancing ip \
>     pass lanpasswd
>
> vi /etc/hostname.carp1
>
> inet 192.168.0.100 255.255.255.0 192.168.0.255 carpnodes 1:0,2:100 balancing ip pass lanpasswd
>
> vi /etc/hostname.pfsync0
>
> up syncdev em1
>
> Configure fw2:
>
> ! enable preemption and group interface failover
> # sysctl -w net.inet.carp.preempt=1
>
> Uncomment net.inet.carp.preempt=1 in /etc/sysctl.conf in this way
>
> # less /etc/sysctl.conf |grep net.inet.carp.preempt=1
> net.inet.carp.preempt=1         # 1=Enable carp(4) preemption
>
> ! configure pfsync
> # ifconfig em1 192.168.9.68 netmask 255.255.255.0
> # ifconfig pfsync0 syncdev em1
> # ifconfig pfsync0 up
>
> ! configure CARP on the LAN side
> # ifconfig carp1 create
> # ifconfig carp1 192.168.0.100/24 carpnodes 1:100,2:0 balancing ip \
>     pass lanpasswd
>
> vi /etc/hostname.carp1
>
> inet 192.168.0.100 255.255.255.0 192.168.0.255 carpnodes 1:100,2:0 balancing ip pass lanpasswd
>
> vi /etc/hostname.pfsync0
>
> up syncdev em1
>
> Scp pf.conf and relayd.conf files to fw2 from fw1
>
> # hostname
> fw1.example.com
> # cd /etc/
> # scp pf.conf relayd.conf root@192.168.0.11:/etc/
> root@192.168.0.11's password:
> pf.conf                 100% 1584     1.6KB/s   00:00
> relayd.conf
>
> Pls run below command on both nodes ( fw1 and fw2 )
>
> # pfctl -f /etc/pf.conf
> # relayd
>
> # pfctl -sr
> anchor relayd/* all
> pass on em1 proto pfsync all
> pass on em1 proto carp all
> pass on em0 proto carp all
> pass log all flags S/SA
>
> # relayctl show summary
> Id      Type    Name    Avlblty Status
> 1       relay   www
Re: CARP - Active/Active question
The tricky thing here is the MAC address. It is 01:00:5e, which mimics Microsoft NLB in multicast IGMP mode. The first octet, 01, means it is multicast, which is a very rare case (compared to unicast and broadcast). Most switches treat multicast in the same way as broadcast, i.e. delivering packets to all ports. Also, there could be side effects in using multicast in routing mode. Be careful with multicast things :-)

2012/10/15 Indunil Jayasooriya induni...@gmail.com

> Hi list,
>
> I configured CARP - Active/Active. ( Things work )
>
> I have a question. When both are Active/Active, both should work
> simultaneously by balancing traffic. Am I right?
>
> But, ifconfig on fw1 says, *status: master* and ifconfig on fw2 says,
> *status: backup*
>
> Pls see the output of both fw1 and fw2
>
> *on fw1*
>
> carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 01:00:5e:00:01:01
>         priority: 0
>         carp: carpdev em0 advbase 1 balancing ip
>                 *state MASTER vhid 1 advskew 0
>                 state BACKUP vhid 2 advskew 100*
>         groups: carp
>         *status: master*
>         inet6 fe80::a00:27ff:fe05:3294%carp1 prefixlen 64 scopeid 0x7
>         inet 192.168.0.100 netmask 0xff00 broadcast 192.168.0.255
>
> *on fw2*
>
> carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 01:00:5e:00:01:01
>         priority: 0
>         carp: carpdev em0 advbase 1 balancing ip
>                 *state BACKUP vhid 1 advskew 100
>                 state MASTER vhid 2 advskew 0*
>         groups: carp
>         *status: backup*
>         inet6 fe80::a00:27ff:fe14:3690%carp1 prefixlen 64 scopeid 0x7
>         inet 192.168.0.100 netmask 0xff00 broadcast 192.168.0.255
>
> Why is that?
>
> When *status is master and backup*, do these 2 nodes ( fw1 and fw2 ) work
> simultaneously by balancing traffic? And when one node goes down, does all 100%
> of the traffic go via the running node?
>
> That's what I want to achieve. Pls let me know.
>
> Here's the HOW TO, I performed.
>
> CARP - Active/Active configuration ( CARP, pfsync, PF and relayd )
>
>     +-----+          +-----+
>     | fw1 |-em1--em1-| fw2 |
>     +-----+          +-----+
>     em0|                |em0
>        |                |
>     ---+---Shared LAN---+---
>
> fw1
> em0 - 192.168.0.10
> em1 - 192.168.9.67 ( for pfsync )
>
> fw2
> em0 - 192.168.0.11
> em1 - 192.168.9.68 ( for pfsync )
>
> carp1 - LAN shared IP: 192.168.0.100
>
> on fw1
>
> # hostname
> fw1.example.com
> # cat /etc/hostname.em0
> inet 192.168.0.10 255.255.255.0
> # cat /etc/hostname.em1
> inet 192.168.9.67 255.255.255.0
>
> on fw2
>
> # hostname
> fw2.example.com
> # cat /etc/hostname.em0
> inet 192.168.0.11 255.255.255.0
> # cat /etc/hostname.em1
> inet 192.168.9.68 255.255.255.0
>
> net.inet.ip.forwarding=1 in /etc/sysctl.conf on both fw1 and fw2 with below
> command
>
> sysctl -w net.inet.ip.forwarding=1
>
> Edit net.inet.ip.forwarding=1 in /etc/sysctl.conf file in this way
>
> # less /etc/sysctl.conf |grep net.inet.ip.forwarding=1
> net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
>
> Configure fw1:
>
> ! enable preemption and group interface failover
> # sysctl -w net.inet.carp.preempt=1
>
> Uncomment net.inet.carp.preempt=1 in /etc/sysctl.conf in this way
>
> # less /etc/sysctl.conf |grep net.inet.carp.preempt=1
> net.inet.carp.preempt=1         # 1=Enable carp(4) preemption
>
> ! configure pfsync
> # ifconfig em1 192.168.9.67 netmask 255.255.255.0
> # ifconfig pfsync0 syncdev em1
> # ifconfig pfsync0 up
>
> ! configure CARP on the LAN side
> # ifconfig carp1 create
> # ifconfig carp1 192.168.0.100/24 carpnodes 1:0,2:100 balancing ip \
>     pass lanpasswd
>
> vi /etc/hostname.carp1
>
> inet 192.168.0.100 255.255.255.0 192.168.0.255 carpnodes 1:0,2:100 balancing ip pass lanpasswd
>
> vi /etc/hostname.pfsync0
>
> up syncdev em1
>
> Configure fw2:
>
> ! enable preemption and group interface failover
> # sysctl -w net.inet.carp.preempt=1
>
> Uncomment net.inet.carp.preempt=1 in /etc/sysctl.conf in this way
>
> # less /etc/sysctl.conf |grep net.inet.carp.preempt=1
> net.inet.carp.preempt=1         # 1=Enable carp(4) preemption
>
> ! configure pfsync
> # ifconfig em1 192.168.9.68 netmask 255.255.255.0
> # ifconfig pfsync0 syncdev em1
> # ifconfig pfsync0 up
>
> ! configure CARP on the LAN side
> # ifconfig carp1 create
> # ifconfig carp1 192.168.0.100/24 carpnodes 1:100,2:0 balancing ip \
>     pass lanpasswd
>
> vi /etc/hostname.carp1
>
> inet 192.168.0.100 255.255.255.0 192.168.0.255 carpnodes 1:100,2:0 balancing ip pass lanpasswd
>
> vi /etc/hostname.pfsync0
>
> up syncdev em1
>
> Scp pf.conf and relayd.conf files to fw2 from fw1
>
> # hostname
> fw1.example.com
> # cd /etc/
> # scp pf.conf relayd.conf root@192.168.0.11:/etc/
> root@192.168.0.11's password:
> pf.conf                 100% 1584     1.6KB/s   00:00
> relayd.conf
>
> Pls run below command on both nodes ( fw1 and fw2 )
>
> # pfctl -f /etc/pf.conf
> # relayd
>
> # pfctl -sr
> anchor
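
An added example, not part of the original thread: a POSIX sh check over the carp1 output quoted above that lists any vhid without exactly one MASTER across the reachable nodes (the condition to watch during a failover test) and tests the multicast bit of the lladdr. The sample text is constructed from the quoted ifconfig output, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input: carp1 lines taken from the ifconfig output quoted in the thread.
FW1_OUT='carp1: mtu 1500
        lladdr 01:00:5e:00:01:01
        carp: carpdev em0 advbase 1 balancing ip
                state MASTER vhid 1 advskew 0
                state BACKUP vhid 2 advskew 100'
FW2_OUT='carp1: mtu 1500
        lladdr 01:00:5e:00:01:01
        carp: carpdev em0 advbase 1 balancing ip
                state BACKUP vhid 1 advskew 100
                state MASTER vhid 2 advskew 0'

# Print "<vhid> <state>" for each carp node line of ifconfig output on stdin.
vhid_states() {
	awk '$1 == "state" && $3 == "vhid" { print $4, $2 }'
}

# stdin: "<vhid> <state>" lines gathered from all nodes.
# Print every vhid that does not have exactly one MASTER.
bad_vhids() {
	awk '{ seen[$1] = 1; if ($2 == "MASTER") m[$1]++ }
	     END { for (v in seen) if (m[v] != 1) print v }' | sort -n
}

# Args: ifconfig output of each reachable node (empty string for a node that is down).
check_cluster() {
	for out in "$@"; do printf '%s\n' "$out" | vhid_states; done | bad_vhids
}

# Print the lladdr found in ifconfig output on stdin.
lladdr_of() {
	awk '$1 == "lladdr" { print $2; exit }'
}

# Succeed if the group (multicast) bit, the low bit of the first octet, is set.
is_multicast_mac() {
	first=${1%%:*}
	[ $(( 0x$first & 1 )) -eq 1 ]
}

echo "vhids without exactly one MASTER: $(check_cluster "$FW1_OUT" "$FW2_OUT" | tr '\n' ' ')"
mac=$(printf '%s\n' "$FW1_OUT" | lladdr_of)
if is_multicast_mac "$mac"; then echo "$mac is a multicast address"; fi
```

On the live firewalls, pass each node's `ifconfig carp1` output to `check_cluster` in place of the samples.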