CARP not failing-over

2007-11-24 Thread Insan Praja SW 

Hi Guys,
Currently set things up with CARP here.. I got two machines, supposed to
be doing IP load balancing when I setup them to  be like this,
NET-BCARP MachinesNET-A

    _ 
||   __|Machine A|__ ||
| NET-B  |  |  |_| | |  NET-A |
||__|  |Machine B| |_||
||  |__|_|_| ||


and there Layer 2 cisco 3524 switch and 2948 switch between them. So, I
setup pf to pass everything in/out. The machine it self is a 4.2 -current,
just compiled last night.
So, I boot the machines.. tried them on, ping form net A to net B.. it
works. But, when I intentionaly shutdown the master, carp stop
forwarding/routing, no fail-over, the ping between net-B and net-B just
frezee. Is there something wrong with the config? this is the pf.conf on
both machines

ext_if=em0
int_if0=vlan2
int_if1=vlan22
int_if2=em1
int_if3=em2
sync_if=rl0
#table spamd-white persist

set skip on {lo $sync_if}
set ruleset-optimization basic
set optimization aggressive
scrub in

#nat-anchor ftp-proxy/*
#rdr-anchor ftp-proxy/*
#nat on $ext_if from !($ext_if) - ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021
#no rdr on $ext_if proto tcp from spamd-white to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
#   - 127.0.0.1 port spamd

#anchor ftp-proxy/*
block in
pass out

#pass quick on $int_if no state
pass in on $sync_if all no state
pass in on {$int_if0 $int_if1 $int_if2 $int_if3} all
pass in on $ext_if all
antispoof quick for { lo }

#pass in on $ext_if proto tcp to ($ext_if) port ssh
#pass in log on $ext_if proto tcp to ($ext_if) port smtp
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp

The Bridge Table on cat 2948G-L3:
GREENDISTRO#sh bridge 22

Total of 300 station blocks, 212 free
Codes: P - permanent, S - self

Bridge Group 22:

Address   Action   Interface
.5e00.0104   forward   Fa37.22
0015.1725.0a9d   forward   Fa37.22

Bridge Group 2:

Address   Action   Interface
.5e00.0102   forward   Fa37.2
0015.1725.0a9e   forward   Fa37.2

The ifconfig:
Machine A#
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33168
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
em0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:15:17:25:0a:9d
description: CARPdev0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::215:17ff:fe25:a9d%em0 prefixlen 64 scopeid 0x1
inet 10.10.12.254 netmask 0xff00 broadcast 10.10.12.255
rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:80:48:1f:75:53
description: SYNCDEV
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::280:48ff:fe1f:7553%rl0 prefixlen 64 scopeid 0x2
inet 10.10.10.254 netmask 0xff00 broadcast 10.10.10.255
em1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:07:e9:0f:44:ac
description: CARPdev1
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet6 fe80::207:e9ff:fe0f:44ac%em1 prefixlen 64 scopeid 0x3
em2: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:15:17:25:0a:9e
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::215:17ff:fe25:a9e%em2 prefixlen 64 scopeid 0x4
enc0: flags=0 mtu 1536
vlan112: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:15:17:25:0a:9e
vlan: 112 priority: 0 parent interface: em2
groups: vlan
inet6 fe80::215:17ff:fe25:a9e%vlan112 prefixlen 64 scopeid 0x7
vlan122: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:15:17:25:0a:9d
vlan: 122 priority: 0 parent interface: em0
groups: vlan
inet6 fe80::215:17ff:fe25:a9d%vlan122 prefixlen 64 scopeid 0x8
vlan2: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:15:17:25:0a:9e
vlan: 2 priority: 0 parent interface: em2
groups: vlan
inet6 fe80::215:17ff:fe25:a9e%vlan2 prefixlen 64 scopeid 0x9
vlan22: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:15:17:25:0a:9d
vlan: 22 priority: 0 parent interface: em0
groups: vlan
inet6 fe80::215:17ff:fe25:a9d%vlan22 prefixlen 64 scopeid 0xa
pfsync0: flags=41UP,RUNNING mtu 1460
pfsync: syncdev: rl0 syncpeer: 10.10.10.253 maxupd: 128
groups: carp pfsync
pflog0: flags=141UP,RUNNING,PROMISC mtu 33168
groups: pflog
carp0: flags=b843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,LINK1,MULTICAST mtu
1500
lladdr 00:00:5e:00:01:01
carp: MASTER carpdev vlan2 vhid

Re: CARP not failing-over

2007-11-24 Thread Marco Pfatschbacher 
On Sat, Nov 24, 2007 at 05:14:04PM +0700, Insan Praja SW wrote:
 The ifconfig:
 Machine A#
[...]
 vlan2: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
 lladdr 00:15:17:25:0a:9e
 vlan: 2 priority: 0 parent interface: em2
 groups: vlan
 inet6 fe80::215:17ff:fe25:a9e%vlan2 prefixlen 64 scopeid 0x9
 vlan22: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
 lladdr 00:15:17:25:0a:9d
 vlan: 22 priority: 0 parent interface: em0
 groups: vlan
 inet6 fe80::215:17ff:fe25:a9d%vlan22 prefixlen 64 scopeid 0xa
[...]
 carp0: flags=b843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,LINK1,MULTICAST mtu
 1500
 lladdr 00:00:5e:00:01:01
 carp: MASTER carpdev vlan2 vhid 1 advbase 1 advskew 0
 groups: carp
 inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0xc
 inet 202.149.93.12 netmask 0xfff0 broadcast 202.149.93.15
 carp1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
 lladdr 00:00:5e:00:01:02
 carp: BACKUP carpdev vlan2 vhid 2 advbase 1 advskew 100
 groups: carp
 inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0xd
 inet 202.149.93.12 netmask 0xfff0 broadcast 202.149.93.15
 carp2: flags=b843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,LINK1,MULTICAST mtu
 1500
 lladdr 00:00:5e:00:01:03
 carp: MASTER carpdev vlan22 vhid 3 advbase 1 advskew 0
 groups: carp
 inet6 fe80::200:5eff:fe00:103%carp2 prefixlen 64 scopeid 0xe
 inet 202.149.93.97 netmask 0xfff0 broadcast 202.149.93.111
 carp3: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
 lladdr 00:00:5e:00:01:04
 carp: BACKUP carpdev vlan22 vhid 4 advbase 1 advskew 100
 groups: carp
 inet6 fe80::200:5eff:fe00:104%carp3 prefixlen 64 scopeid 0xf
 inet 202.149.93.97 netmask 0xfff0 broadcast 202.149.93.111

vlan2 and vlan22 need an IP in the same network as their carp interfaces.
IP Balancing currently doesn't work for the 'carpdev is ip-less' case.

Re: CARP not failing-over

2007-11-24 Thread Insan Praja SW 

On Sat, 24 Nov 2007 18:51:41 +0700, Marco Pfatschbacher [EMAIL PROTECTED]
wrote:


On Sat, Nov 24, 2007 at 05:14:04PM +0700, Insan Praja SW wrote:

The ifconfig:
Machine A#

[...]

vlan2: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu
1500
lladdr 00:15:17:25:0a:9e
vlan: 2 priority: 0 parent interface: em2
groups: vlan
inet6 fe80::215:17ff:fe25:a9e%vlan2 prefixlen 64 scopeid 0x9
vlan22: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu
1500
lladdr 00:15:17:25:0a:9d
vlan: 22 priority: 0 parent interface: em0
groups: vlan
inet6 fe80::215:17ff:fe25:a9d%vlan22 prefixlen 64 scopeid 0xa

[...]

carp0: flags=b843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,LINK1,MULTICAST
mtu
1500
lladdr 00:00:5e:00:01:01
carp: MASTER carpdev vlan2 vhid 1 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0xc
inet 202.149.93.12 netmask 0xfff0 broadcast 202.149.93.15
carp1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:5e:00:01:02
carp: BACKUP carpdev vlan2 vhid 2 advbase 1 advskew 100
groups: carp
inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0xd
inet 202.149.93.12 netmask 0xfff0 broadcast 202.149.93.15
carp2: flags=b843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,LINK1,MULTICAST
mtu
1500
lladdr 00:00:5e:00:01:03
carp: MASTER carpdev vlan22 vhid 3 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:103%carp2 prefixlen 64 scopeid 0xe
inet 202.149.93.97 netmask 0xfff0 broadcast 202.149.93.111
carp3: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:5e:00:01:04
carp: BACKUP carpdev vlan22 vhid 4 advbase 1 advskew 100
groups: carp
inet6 fe80::200:5eff:fe00:104%carp3 prefixlen 64 scopeid 0xf
inet 202.149.93.97 netmask 0xfff0 broadcast 202.149.93.111


vlan2 and vlan22 need an IP in the same network as their carp interfaces.
IP Balancing currently doesn't work for the 'carpdev is ip-less' case.


Hi,
Thanks for the clue, so.. one other thing, for IP Load Balancing, I don't
need the net.inet.arpbalance to 1, am I correct?

Thanks,

Insan

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/