From: alexander lunyov
Date: Wed, 5 Oct 2011 21:39:54 +0400
To: freebsd-net@freebsd.org
Subject: Re: carp on bridge interface: INIT

On Wed, Oct 5, 2011 at 9:53 AM, alexander lunyov wrote:
> I need to make a scheme like this work:
>
> http://i.imgur.com/1xsXX.png
>
> So, I have 3 servers: in, out1 and out2; out1 and out2 are plugged into
> one switched environment, so they can see each other on layer 2, which
> is bad for me, because they can make a switching loop in some cases.
>
> out1 and out2 connect with openvpn to "in" in bridged configuration;
> the tap interfaces have no addresses.
>
> Then I make bridge interfaces on all servers, add only the tap0
> interfaces to bridge0 on each server, and configure each bridge0
> interface with an address from the 10.0.0.0/24 subnet. At this point
> everything is working and the servers can ping each other's
> 10.0.0.0/24 addresses.
>
> Then I want to make carp work on out1 and out2 on the bridge0-tap0 pair,
> but if I configure the carp0 interface to work in the 10.0.0.0/24
> subnet, it stays in INIT state forever - so this is my first question -
> why won't carp work on the bridge0-tap0 interface?
>
> If I bridge the tap0 and em0 interfaces on out1 and out2, then carp on
> both servers gets into MASTER state, I get a switching loop, and when I
> use tcpdump on the bridge0 interfaces (-i bridge0 net 10.0.0.0/24), on
> out1 I see ONLY vrrp advertisements from out2 (no advertisements from
> out1), on out2 bridge0 I see ONLY advertisements from out1, and on
> "in" bridge0 I see advertisements from both servers, and nothing is
> working.
>
> So, here's the second question - how to make things work in this case?
> STP? But how to configure it, which interfaces to put into STP? And will
> my precious carp work with STP?
>
>
> Thank you for your attention.

I create the carp0 interface with these commands:

/sbin/ifconfig carp0 create
/sbin/ifconfig carp0 vhid 1 advskew 10 pass jkbsvdreg 10.0.0.10/24
/sbin/sysctl net.inet.carp.preempt=1
/sbin/sysctl net.inet.carp.drop_echoed=1

Then I see in the log:

Oct 5 17:11:49 220 kernel: bridge0: promiscuous mode enabled

The carp interface is:

carp0: flags=8 metric 0 mtu 1500
        inet 10.0.0.10 netmask 0xffffff00
        carp: INIT vhid 1 advbase 1 advskew 10

If I do "ifconfig carp0 up" I see this error in /var/log/messages:

Oct 5 17:15:13 220 kernel: ifa_add_loopback_route: insertion failed

and the carp interface comes up:

carp0: flags=9 metric 0 mtu 1500
        inet 10.0.0.10 netmask 0xffffff00
        carp: INIT vhid 1 advbase 1 advskew 10

Besides this I don't see any carp log messages.

Here are the sysctls:

# sysctl -a | grep carp
net.inet.ip.same_prefix_carp_only: 0
net.inet.carp.allow: 1
net.inet.carp.preempt: 1
net.inet.carp.log: 2
net.inet.carp.arpbalance: 0
net.inet.carp.drop_echoed: 1
net.inet.carp.suppress_preempt: 1

The system is 8.2-R.

Interfaces on out1/2:

em0: flags=8843 metric 0 mtu 1500
        options=219b
        ether 00:25:90:06:a7:ee
        inet x.x.x.220 netmask 0xffffff00 broadcast x.x.x.255
        media: Ethernet autoselect (1000baseT )
        status: active
em1: flags=8943 metric 0 mtu 1500
        options=2098
        ether 00:25:90:06:a7:ef
        media: Ethernet autoselect
        status: no carrier
lo0: flags=8049 metric 0 mtu 16384
        options=3
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=3
tap0: flags=8943 metric 0 mtu 1500
        options=80000
        ether 00:bd:39:50:01:00
        Opened by PID 1521
bridge0: flags=8943 metric 0 mtu 1500
        ether 56:7e:c1:dc:ff:2f
        inet 10.0.0.20 netmask 0xff000000 broadcast 10.255.255.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143
                ifmaxaddr 0 port 4 priority 128 path cost 2000000
carp0: flags=8 metric 0 mtu 1500
        inet 10.0.0.10 netmask 0xffffff00
        carp: INIT vhid 1 advbase 1 advskew 10

--
your sweet isn't ready yet