Heinrich Rebehn wrote:
Hi All,
I am trying to set up a carp'ed pair of firewalls and am fighting with
strange CARP behavior.
"frw1" is i386, "frw2" is amd64, but both run i386 OpenBSD 4.2.
On each machine I have configured 4 vlans on the sk0 interface.
The carp interfaces are configured on top of the vlan interfaces (see
attachments). Note: I had to bring down carp0 manually on frw2 to keep
it from confusing our network. Therefore it is shown in INIT state.
What happens:
1. I boot frw1, it becomes MASTER on all carps -> good.
2. I boot frw2, it becomes BACKUP on all carps except carp0, which
becomes MASTER -> bad.
Both machines think they're MASTER on carp0.
Since both are complaining about "carp0: incorrect hash" I have
double-checked the passwords on both machines, no diff!
I brought carp2 down on frw1 and it immediately failed over to frw2, so
CARP in general does work.
Since all traffic is running through the same physical device and the
problem is only on one carp interface I tend to rule out hardware problems.
Googling showed up quite a few posts of people having problems with CARP
and the "incorrect hash" message, but none really helped me.
[EMAIL PROTECTED] [/etc] # pfctl -sr | grep carp
pass quick proto carp all no state
[EMAIL PROTECTED] [~] # pfctl -sr | grep carp
pass quick proto carp all no state
Any ideas?
It is really strange: As soon as I have posted the problem to the list,
I seem to be able to relax and think better :-)
The solution:
On frw1:
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:0a
        carp: MASTER carpdev vlan0 vhid 10 advbase 1 advskew 0
        groups: carp
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0xa
        inet 134.102.176.250 netmask 0xffffff00 broadcast 134.102.176.255
        inet 134.102.176.202 netmask 0xffffff00 broadcast 134.102.176.255
On frw2:
carp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:0a
        carp: INIT carpdev vlan0 vhid 10 advbase 1 advskew 100
        groups: carp
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0xb
        inet 134.102.176.250 netmask 0xffffff00 broadcast 134.102.176.255
The alias made the difference! On frw1 I had added it in /etc/rc.conf.local
because I had difficulties defining it in /etc/hostname.carp0.
This was missing on frw2!
Now it works. Apologies for the noise!
--Heinrich
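
Added example, not part of the original post: CARP authenticates advertisements with an HMAC that covers the vhid and the addresses configured on the carp interface, so an alias present on only one node yields "incorrect hash" even when the passwords match. The sketch below diffs the IPv4 sets per carp interface from two nodes' ifconfig output; the sample strings are trimmed from the listings above, the function names are hypothetical, and IPv6 addresses are not compared (a simplification).

```python
import re
# Constructed sample input: the two carp0 listings from the post, trimmed.
FRW1 = """carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev vlan0 vhid 10 advbase 1 advskew 0
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0xa
        inet 134.102.176.250 netmask 0xffffff00 broadcast 134.102.176.255
        inet 134.102.176.202 netmask 0xffffff00 broadcast 134.102.176.255
"""
FRW2 = """carp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        carp: INIT carpdev vlan0 vhid 10 advbase 1 advskew 100
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0xb
        inet 134.102.176.250 netmask 0xffffff00 broadcast 134.102.176.255
"""

def parse_carp(text):
    """Map each carp interface in ifconfig output to its state, vhid and IPv4 set."""
    result, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S+): flags=", line)
        if m:  # new interface stanza; track it only if it is a carp interface
            new = {"state": None, "vhid": None, "addrs": set()}
            cur = result.setdefault(m.group(1), new) if m.group(1).startswith("carp") else None
            continue
        if cur is None:
            continue
        m = re.match(r"\s+carp: (\S+) carpdev \S+ vhid (\d+)", line)
        if m:
            cur["state"], cur["vhid"] = m.group(1), int(m.group(2))
        m = re.match(r"\s+inet (\S+)", line)  # "inet6" lines do not match
        if m:
            cur["addrs"].add(m.group(1))
    return result

def carp_mismatches(a, b):
    """Return (ifname, only_on_a, only_on_b) where the same vhid carries different IPv4 sets."""
    out = []
    for name in sorted(set(a) & set(b)):
        if a[name]["vhid"] != b[name]["vhid"]:
            continue  # different vhid: not the same redundancy group
        only_a = sorted(a[name]["addrs"] - b[name]["addrs"])
        only_b = sorted(b[name]["addrs"] - a[name]["addrs"])
        if only_a or only_b:
            out.append((name, only_a, only_b))
    return out

if __name__ == "__main__":
    for name, only_a, only_b in carp_mismatches(parse_carp(FRW1), parse_carp(FRW2)):
        print(f"{name}: only on frw1 {only_a}, only on frw2 {only_b}")
```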