From: Freddie Cash
To: FreeBSD-Current
Date: Wed, 27 Mar 2013 14:23:58 -0700
Subject: Re: CARP will not relinquish master state on one interface

Figured it out. :( Was an IPFW rule.
Seems the following two rules block CARP traffic:

# Check for spoofed packets
# Anti-spoof rules
# These do roughly the same things:
#   verrevpath checks all incoming packets to see if the source IP matches any route on that interface
#   antispoof checks all incoming packets to make sure the source IP is not listed in a network of another interface
$ipfw add 30 deny log ip from any to any not verrevpath in recv $if_public
$ipfw add 40 deny log ip from any to any not antispoof in recv $if_public

Removing those two rules on both boxes makes em0 fail-over correctly between the two.

On Wed, Mar 27, 2013 at 2:02 PM, Freddie Cash wrote:

> Two systems running identical hardware and software (one system actually
> rsync'd from the other). Running 10-CURRENT just after the new CARP
> implementation went in:
>
> FreeBSD nexus2.sd73.bc.ca 10.0-CURRENT FreeBSD 10.0-CURRENT #1 r245195:
> Thu Jan 10 10:29:16 PST 2013 root@nexus2.sd73.bc.ca:/usr/obj/usr/src/sys/NEXUS
> i386
>
> Each box has 2 interfaces configured:
> em0 is part of an untagged vlan
> em1 is part of 8 tagged vlans
>
> The tagged vlan interfaces work correctly on both boxes, and CARP switches
> back and forth between MASTER and BACKUP correctly, whether it be via
> unplugging the network cable or via "ifconfig ... state" changes.
>
> The untagged vlan on both boxes will not relinquish MASTER status. If
> both boxes are up, both em0 interfaces are up, then both boxes configure
> the vhid as MASTER and nasty things happen to our traffic.
>
> The network configuration is:
>
> [remote site]------fibre link--------[fibre switch]----------[carp box1]--------[internet]
> [remote site]------fibre link----------/ \------------[carp box 2]-------/
> [remote site]------fibre link---------/
>
> The fibre links to the fibre switch are on untagged vlans; the link from
> the switch to each carp box is a tagged vlan trunk. And the link from each
> carp box to the Internet router is an untagged vlan.
>
> If only box1 is online, everything works correctly.
>
> If only box2 is online, everything works correctly.
>
> If both boxes are online, everything on em1 works correctly, and em0 shows
> MASTER on both boxes.
>
> If both boxes are online but em0 is down on 1 (either) box, everything
> works correctly.
>
> Running "tcpdump -n -i em0 -T carp | grep CARP" on both boxes shows the
> CARPv2 traffic from both boxes, with the correct vhid, advbase, advskew for
> each box. But the logs on box2 show "master down".
>
> I'm at a loss as to what to try next. Everything works for all the vlan
> interfaces on em1. But nothing I've tried works for em0. Within 2 seconds
> of the link showing UP, it becomes MASTER. On both boxes.
>
> --
> Freddie Cash
> fjwcash@gmail.com
>

--
Freddie Cash
fjwcash@gmail.com
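
Rules 30 and 40 above both carry the `log` keyword, so any CARP advertisements they drop (IP protocol 112, sent to multicast group 224.0.0.18) show up in the ipfw log with the rule number that matched. The following is an added example, not part of the original message: a shell function that counts such drops per rule, interface and source. The log lines are constructed, and the layout (CARP shown as `P:112`) is an assumption about the ipfw log format on the system.

```shell
#!/bin/sh
# Added example: find ipfw deny rules that are dropping CARP advertisements.
# CARP is IP protocol 112 and advertises to multicast group 224.0.0.18.
# Assumption: ipfw log lines have the layout
#   "... kernel: ipfw: <rule> Deny P:112 <src> <dst> in via <if>"

# Constructed sample log; addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
Mar 27 14:01:02 box1 kernel: ipfw: 30 Deny P:112 192.0.2.12 224.0.0.18 in via em0
Mar 27 14:01:03 box1 kernel: ipfw: 40 Deny P:112 192.0.2.12 224.0.0.18 in via em0
Mar 27 14:01:03 box1 kernel: ipfw: 30 Deny TCP 198.51.100.7:4431 192.0.2.11:22 in via em0
Mar 27 14:01:04 box1 kernel: ipfw: 30 Deny P:112 192.0.2.12 224.0.0.18 in via em0
Mar 27 14:01:05 box1 kernel: ipfw: 65000 Deny UDP 203.0.113.9:53 192.0.2.11:5353 in via em0
EOF
}

# carp_drops: read an ipfw log on stdin and print one line per
# (rule, interface, source) as "<rule> <interface> <source> <count>".
carp_drops() {
    awk '
    {
        # Find the "ipfw:" tag so the syslog prefix width does not matter.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF) next
        rule = $(i+1); action = $(i+2); proto = $(i+3)
        src = $(i+4); dst = $(i+5); dir = $(i+6); ifname = $(i+8)
        # Keep only inbound CARP advertisements that were denied.
        if (action != "Deny" || proto != "P:112") next
        if (dst != "224.0.0.18" || dir != "in") next
        hits[rule " " ifname " " src]++
    }
    END { for (k in hits) print k, hits[k] }
    ' | sort -n
}

sample_log | carp_drops
```

On a live box the same function would be fed the file that receives ipfw log messages instead of `sample_log`; a non-empty result names the rule to inspect before both peers end up as MASTER.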