MJ J(mikedotjack...@gmail.com) on 2021.05.23 17:58:47 +0300:
> Hi,
>
> I have a carp master and backup on a pair of one-armed Rapsberry Pi 4B
> devices (router1 and router2) and when I ssh to the backup using the
> carp IP as my gateway, it repeatedly throws me out after a few seconds
> with the message:
>
> My laptop's network config:
> ---
> IP: 192.168.4.109
> Subnet mask: 255.255.255.0
> Gateway: 192.168.4.1
>
> Both RPI4s are connected to switchports with packets tagged for VLANs
> 2,3,4,6 and the network devices don't have IP configuration -
> everything is configured on VLAN interfaces with the single parent
> interface bse0. CARP failover actually works as expected, but as
> mentioned I am unable to maintain an ssh session with the backup
> "router2" while using the carp IPs as my network gateway.
>
> Network switch is a Zyxel GS1200-8 with firmware V2.00(ABME.0)C0. Loop
> prevention is enabled and I have also tested with it disabled to no
> avail.
>
> What happens:
> ---
> $ ssh 10.0.1.101
> Last login: Sun May 23 17:44:21 2021 from 10.0.1.100
> OpenBSD 6.9 (GENERIC.MP) #1134: Sun Apr 18 01:53:35 MDT 2021
> router2#
> router2# client_loop: send disconnect: Broken pipe
you ssh from 192.168.4.109 to 10.0.1.101?
My best guess is that you have asymetric routing and your carp master
router1 only sees one direction of the traffic:
laptop -> router1 -> router2
and
router2 -> laptop
because router2 has your laptop network locally on vlan6.
Solution: ssh to 192.168.4.3.
>
>
> Router 1 network config:
> ---
> router1# cat hostname.bse0
> up
>
> router1# cat hostname.vlan2
> 172.16.1.6/24 172.16.1.255 parent bse0 vnetid 2 group PFSYNC
> description "private segment with router2"
>
> router1# cat hostname.vlan3
> 10.0.1.100/24 10.0.1.255 parent bse0 vnetid 3 group INTERNAL
> description "router1 internal interface"
>
> router1# cat hostname.vlan4
> 192.168.1.252/24 192.168.1.255 parent bse0 vnetid 4 group OLDSHIT
> description "unmigrated shit"
>
> router1# cat hostname.vlan6
> 192.168.4.2/24 192.168.4.255 parent bse0 vnetid 6 group TCWIFI
> description "Time-Capsule Wifi"
>
> router1# cat hostname.carp4
> 192.168.1.1/24 carpdev vlan4 pass fukdissh1t vhid 41 advskew 1
> description "TC-WIFI gateway"
>
> router1# cat hostname.carp6
> 192.168.4.1/24 carpdev vlan6 pass fukdissh1t vhid 61 advskew 1
> description "TC-WIFI gateway"
>
>
> Router2 network config:
> ---
> router2# cat hostname.bse0
> up
>
> router2# cat hostname.vlan2
> 172.16.1.7/24 172.16.1.255 parent bse0 vnetid 2 group PFSYNC
> description "private segment with router1"
>
> router2# cat hostname.vlan3
> 10.0.1.101/24 10.0.1.255 parent bse0 vnetid 3 group INTERNAL
> description "router2 internal interface"
>
> router2# cat hostname.vlan4
> 192.168.1.253/24 192.168.1.255 parent bse0 vnetid 4 group OLDSHIT
> description "unmigrated shit"
>
> router2# cat hostname.vlan6
> 192.168.4.3/24 192.168.4.255 parent bse0 vnetid 6 group TCWIFI
> description "Time-Capsule Wifi"
>
> router2# cat hostname.carp4
> 192.168.1.1/24 carpdev vlan4 pass fukdissh1t vhid 41 advskew 128
> description "TC-WIFI gateway"
>
> router2# cat hostname.carp6
> 192.168.4.1/24 carpdev vlan6 pass fukdissh1t vhid 61 advskew 128
> description "TC-WIFI gateway"
>
>
> Any tips much appreciated.
>
> -mike
>
--
