Re: Can't ping CARP interface from CARP master box.
On Tue, Feb 11, 2014 at 10:17:46PM +, andy wrote: Hi, You should be able to ping the CARP IP addresses from any host (including the master), so something is wrong here. This can sometimes be due to a routing problem. Your routing table should look similar to; 10.0.0.1 10.0.0.1 UH 04 - 4 carp0 10.0.0.2 127.0.0.1 UGHS 02 33144 8 lo0 10.0.0.2/32 10.0.0.2 U 00 - 4 carp0 10.0.0.3 127.0.0.1 UGHS 02 33144 8 lo0 10.0.0.3/32 10.0.0.3 U 00 - 4 carp0 Here 10.0.0.1 is the primary IP, and 10.0.0.2 and 10.0.0.3 are secondary carp IPs. Your /etc/hostname.carp file should look like; inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 pass carpsecurehashpasswd advbase 1 advskew 0 inet alias 10.0.0.2 255.255.255.255 inet alias 10.0.0.3 255.255.255.255 Notice the secondary IP's have a /32 subnet (which is correct despite the spurious errors in dmesg during carp fail-overs). It is having the /32 subnet on the secondaries which causes the creation of the additional route entry to lo0. What does your routing table and carp look like? Hi Andy, My routing table looks like this: $ netstat -rn | grep '^46.21.116.5' 46.21.116.546.21.116.5UH 0 15 - 4 carp116 $ netstat -rn | grep '^213.215.29' 213.215.29.254 213.215.29.254 UH 00 - 4 carp0 Please note carp0 is fine WRT icmp-echo.
Re: Can't ping CARP interface from CARP master box.
On Wed, 12 Feb 2014 20:26:32 +0100, Laurent CARON lca...@unix-scripts.info wrote: On Tue, Feb 11, 2014 at 10:17:46PM +, andy wrote: Hi, You should be able to ping the CARP IP addresses from any host (including the master), so something is wrong here. This can sometimes be due to a routing problem. Your routing table should look similar to; 10.0.0.1 10.0.0.1 UH 04 - 4 carp0 10.0.0.2 127.0.0.1 UGHS 02 33144 8 lo0 10.0.0.2/32 10.0.0.2 U 00 - 4 carp0 10.0.0.3 127.0.0.1 UGHS 02 33144 8 lo0 10.0.0.3/32 10.0.0.3 U 00 - 4 carp0 Here 10.0.0.1 is the primary IP, and 10.0.0.2 and 10.0.0.3 are secondary carp IPs. Your /etc/hostname.carp file should look like; inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 pass carpsecurehashpasswd advbase 1 advskew 0 inet alias 10.0.0.2 255.255.255.255 inet alias 10.0.0.3 255.255.255.255 Notice the secondary IP's have a /32 subnet (which is correct despite the spurious errors in dmesg during carp fail-overs). It is having the /32 subnet on the secondaries which causes the creation of the additional route entry to lo0. What does your routing table and carp look like? Hi Andy, My routing table looks like this: $ netstat -rn | grep '^46.21.116.5' 46.21.116.546.21.116.5UH 0 15 - 4 carp116 $ netstat -rn | grep '^213.215.29' 213.215.29.254 213.215.29.254 UH 00 - 4 carp0 Please note carp0 is fine WRT icmp-echo. From what you have sent I guess you are talking about trying to ping the primary IP address on carp116 from the carp master itself. If you run 'ping 46.21.116.5' I'm guessing you see the count (15 above) on the route increase, even if you don't see the echo reply? When pinging the carp address on my master firewall from self (successfully) and running 'tcpdump -netti carp0' or 'tcpdump -netti lo0' I don't see any matches interestingly. So I guess this means the reply is coming from somewhere else. Do you see anything with 'tcpdump -netti pflog0 icmp' when you run the ping? Andy.
Re: Can't ping CARP interface from CARP master box.
Hi, Any clue about this issue ? Thanks On Fri, Jan 31, 2014 at 06:13:15PM +0100, Laurent CARON wrote: Hi, I'm currently experiencing what I would call a strange behavior (maybe a total config fuck up on my side, who knows...). I'm basically having 2 boxes acting as a CARP gateway for my servers. ...snip... Problem: I can ping 46.21.116.5 either from the outside world or my inside machines (even the machine not in carp master state), but not from the carp master machine.
Re: Can't ping CARP interface from CARP master box.
I can't remember specifically where I read it, but I recall specific warnings somewhere in the CARP documentation about ping and the virtual IP. I encountered similar oddities configuring CARP for IPv4 and IPv6. You may want to look at your route tables. On 02/11/2014 04:41 PM, Laurent CARON wrote: Hi, Any clue about this issue ? Thanks On Fri, Jan 31, 2014 at 06:13:15PM +0100, Laurent CARON wrote: Hi, I'm currently experiencing what I would call a strange behavior (maybe a total config fuck up on my side, who knows...). I'm basically having 2 boxes acting as a CARP gateway for my servers. ...snip... Problem: I can ping 46.21.116.5 either from the outside world or my inside machines (even the machine not in carp master state), but not from the carp master machine. -- -- John Jasen (jja...@realityfailure.org) -- No one will sorrow for me when I die, because those who would -- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring
Re: Can't ping CARP interface from CARP master box.
Hi, You should be able to ping the CARP IP addresses from any host (including the master), so something is wrong here. This can sometimes be due to a routing problem. Your routing table should look similar to; 10.0.0.1 10.0.0.1 UH 04 - 4 carp0 10.0.0.2 127.0.0.1 UGHS 02 33144 8 lo0 10.0.0.2/32 10.0.0.2 U 00 - 4 carp0 10.0.0.3 127.0.0.1 UGHS 02 33144 8 lo0 10.0.0.3/32 10.0.0.3 U 00 - 4 carp0 Here 10.0.0.1 is the primary IP, and 10.0.0.2 and 10.0.0.3 are secondary carp IPs. Your /etc/hostname.carp file should look like; inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 pass carpsecurehashpasswd advbase 1 advskew 0 inet alias 10.0.0.2 255.255.255.255 inet alias 10.0.0.3 255.255.255.255 Notice the secondary IP's have a /32 subnet (which is correct despite the spurious errors in dmesg during carp fail-overs). It is having the /32 subnet on the secondaries which causes the creation of the additional route entry to lo0. What does your routing table and carp look like? Cheers, Andy. On Tue, 11 Feb 2014 16:50:08 -0500, John Jasen jja...@realityfailure.org wrote: I can't remember specifically where I read it, but I recall specific warnings somewhere in the CARP documentation about ping and the virtual IP. I encountered similar oddities configuring CARP for IPv4 and IPv6. You may want to look at your route tables. On 02/11/2014 04:41 PM, Laurent CARON wrote: Hi, Any clue about this issue ? Thanks On Fri, Jan 31, 2014 at 06:13:15PM +0100, Laurent CARON wrote: Hi, I'm currently experiencing what I would call a strange behavior (maybe a total config fuck up on my side, who knows...). I'm basically having 2 boxes acting as a CARP gateway for my servers. ...snip... Problem: I can ping 46.21.116.5 either from the outside world or my inside machines (even the machine not in carp master state), but not from the carp master machine. -- -- John Jasen (jja...@realityfailure.org) -- No one will sorrow for me when I die, because those who would -- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring
Can't ping CARP interface from CARP master box.
Hi, I'm currently experiencing what I would call a strange behavior (maybe a total config fuck up on my side, who knows...). I'm basically having 2 boxes acting as a CARP gateway for my servers. Adressing: - Box 1 (bge1): 46.21.116.1 - Box 2 (bge1): 46.21.116.2 - CARP116: 46.21.116.5 - CARP0:213.215.29.254 (underlying interface is em1) Problem: I can ping 46.21.116.5 either from the outside world or my inside machines (even the machine not in carp master state), but not from the carp master machine. This sounds really odd to me since a nearly (bnx instead of bge + different IP addresses) identical setup is not exhibiting this behavior. carp0 doesn't exhibit this strange behavior (IE: I can ping 213.215.29.254 from the master box). I either missed something obvious or...need to stop drugs... Please note this behavior is consistent between 5.4 and 5.5-snapshot from Jan 24th 2014. Do any of you have a clue about this issue ? Thanks $ ping -c10 46.21.116.5 PING 46.21.116.5 (46.21.116.5): 56 data bytes --- 46.21.116.5 ping statistics --- 10 packets transmitted, 0 packets received, 100.0% packet loss $ bgpctl show fib 46.21.116.5 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *0 46.21.116.5/32 46.21.116.5 $ cat /etc/hostname.bge1 inet 46.21.116.1 255.255.255.240 inet6 2a02:27d0:116::1 112 $ cat /etc/hostname.carp116 inet 46.21.116.5 255.255.255.240 46.21.116.15 vhid 116 carpdev bge1 pass XX advbase 1 advskew 0 inet6 2a02:27d0:116::5 112 vhid 116 carpdev bge1 pass XX advbase 1 advskew 0 $ cat /etc/hostname.carp0 inet 213.215.29.254 255.255.254.0 213.215.29.255 vhid 1 carpdev em1 pass advbase 1 advskew 0 inet6 2a02:27d0:0:::100 64 vhid 1 carpdev em1 pass advbase 1 advskew 0 $ netstat -rn | grep '^46.21.116.5' 46.21.116.546.21.116.5UH 0 15 - 4 carp116 $ netstat -rn | grep '^213.215.29' 213.215.29.254 213.215.29.254 UH 00 - 4 carp0 $ ping -qc10 213.215.29.254 PING 213.215.29.254 (213.215.29.254): 56 data bytes --- 213.215.29.254 ping statistics --- 10 packets transmitted, 10 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.015/0.023/0.067/0.015 ms $ ifconfig bge1 bge1: flags=8b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST mtu 1500 lladdr 00:24:e8:58:49:64 priority: 0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet 46.21.116.1 netmask 0xfff0 broadcast 46.21.116.15 inet6 fe80::224:e8ff:fe58:4964%bge1 prefixlen 64 scopeid 0x6 inet6 2a02:27d0:116::1 prefixlen 112 $ ifconfig carp116 carp116: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:5e:00:01:74 priority: 0 carp: MASTER carpdev bge1 vhid 116 advbase 1 advskew 0 groups: carp status: master inet6 fe80::200:5eff:fe00:174%carp116 prefixlen 64 scopeid 0xb inet 46.21.116.5 netmask 0xfff0 broadcast 46.21.116.15 inet6 2a02:27d0:116::5 prefixlen 112 $ ifconfig em1 em1: flags=8b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST mtu 1500 lladdr 00:15:17:be:d0:4c priority: 0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet 213.215.28.1 netmask 0xfe00 broadcast 213.215.29.255 inet6 fe80::215:17ff:febe:d04c%em1 prefixlen 64 scopeid 0x2 inet6 2a02:27d0:0:::1 prefixlen 64 $ ifconfig carp0 carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:5e:00:01:01 priority: 0 carp: MASTER carpdev em1 vhid 1 advbase 1 advskew 0 groups: carp status: master inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0xa inet 213.215.29.254 netmask 0xfe00 broadcast 213.215.29.255 inet6 2a02:27d0:0:::100 prefixlen 64 $ dmesg OpenBSD 5.5-beta (GENERIC.MP) #279: Fri Jan 24 11:50:37 MST 2014 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4272553984 (4074MB) avail mem = 4150603776 (3958MB) warning: no entropy supplied by boot loader mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfb9c000 (55 entries) bios0: vendor Dell Inc. version 1.3.0 date 08/15/2008 bios0: Dell Inc. PowerEdge R300 acpi0 at bios0: rev 2 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP APIC SPCR HPET MCFG WD__ SLIC ERST HEST BERT EINJ TCPA acpi0: wakeup devices PCI0(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits
