Re: [pfSense-discussion] Problems with CARP VIP and layer 3 switch

2011-04-17 Thread Vinicius Coque 
On Fri, Apr 15, 2011 at 7:31 PM, Chris Buechler cbuech...@gmail.com wrote:
 On Fri, Apr 15, 2011 at 4:14 PM, Vinicius Coque vco...@gmail.com wrote:

 What does the CARP status show, and what do the logs show for CARP?



 CARP Status
 pfSense master:

  vip1 172.16.0.39  MASTER

 pfSense backup:

  vip1 172.16.0.39  BACKUP


 System logs:

 pfSense master:

 Apr 15 17:08:08 utm-teste1 syslogd: kernel boot file is /boot/kernel/kernel
 Apr 15 20:08:32 utm-teste1 check_reload_status: syncing firewall
 Apr 15 17:08:32 utm-teste1 php: : Beginning XMLRPC sync to
 https://10.10.0.2:5081.
 Apr 15 17:08:33 utm-teste1 php: : XMLRPC sync successfully completed
 with https://10.10.0.2:5081.
 Apr 15 17:08:33 utm-teste1 php: : Beginning XMLRPC sync to
 https://10.10.0.2:5081.
 Apr 15 17:08:33 utm-teste1 php: : XMLRPC sync successfully completed
 with https://10.10.0.2:5081.
 Apr 15 17:08:35 utm-teste1 php: : Filter sync successfully completed
 with https://10.10.0.2:5081.

 pfSense backup:

 Apr 15 17:08:12 utm-teste2 syslogd: kernel boot file is /boot/kernel/kernel
 Apr 15 17:08:32 utm-teste2 check_reload_status: syncing firewall
 Apr 15 17:08:32 utm-teste2 kernel: vip1: link state changed to DOWN
 Apr 15 17:08:32 utm-teste2 kernel: vip1: INIT - MASTER (preempting)
 Apr 15 17:08:32 utm-teste2 kernel: vip1: link state changed to UP
 Apr 15 17:08:32 utm-teste2 kernel: vip1: MASTER - BACKUP (more
 frequent advertisement received)

 That looks like a consequence of:
 http://redmine.pfsense.org/issues/1433

 plus something on your switch(es). The MAC will move in the switch's
 CAM table from the primary's port to the secondary's when the
 secondary switches from master to backup even though it's for a
 fraction of a second, but should immediately move back on the switch
 when the master picks back up. There's something on the switch that
 isn't behaving correctly for MACs that quickly change ports, which is
 ultimately the actual problem, though that CARP switch shouldn't
 happen during a config change which exacerbates the issue.

 -
 To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
 For additional commands, e-mail: discussion-h...@pfsense.com

 Commercial support available - https://portal.pfsense.org



Now I understand the problem. I'll keep track of the bug on redmine.

Thanks for helping Chris.

--
Vinícius Coque

-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense-discussion] Problems with CARP VIP and layer 3 switch

2011-04-17 Thread Chris Buechler 
On Sun, Apr 17, 2011 at 10:25 PM, Vinicius Coque vco...@gmail.com wrote:

 Now I understand the problem. I'll keep track of the bug on redmine.


I would definitely check the problem on the switch too as in a CARP
setup it shouldn't have problems with MACs that switch between ports
quickly. That bug in and of itself isn't the problem, the nature of
CARP means that switch issue will potentially cause other issues for
you in the future.

-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org