Date: Sun, 23 Aug 2009 10:37:04 +0200
From: Arlen Drina <arlytex@gmail.com>
To: freebsd-pf@freebsd.org
Subject: CARP failover strange behaviour-two master states on master and backup server
Message-ID: <4e96b49a0908230137m6cfe420v2921593e99e8b706@mail.gmail.com>

Hi list,

I am using PF + CARP on OpenBSD 4.5 for my redundant firewall, but I have some strange situations that I cannot understand very well. So please review and give me your opinion. The firewalls perform redundancy as expected and work, but some things are not clear.

1) Master configuration for the carp interfaces is:

external:
    inet abc.abc.abc.abc 255.255.255.224 abc.abc.abc.abc.abc vhid 1 pass b5f06766c75cfsfsdfa6f87741430832 carpdev fxp0 advbase 10 advskew 0 state master

internal:
    inet 192.168.1.100 255.255.255.0 192.168.1.255 vhid 2 pass 5e0125fb892ef94542eddcc6ab78a1ae carpdev rl0 advbase 10 advskew 0 state master

2) On the backup:

external:
    inet abc.abc.abc.abc 255.255.255.224 abc.abc.abc.abc.abc vhid 1 pass b5f06766c75cfsfsdfa6f87741430832 carpdev fxp0 advbase 10 advskew 100 state master

internal:
    inet 192.168.1.100 255.255.255.0 192.168.1.255 vhid 2 pass 5e0125fb892ef94542eddcc6ab78a1ae carpdev rl0 advbase 10 advskew 100 state master

As you can see, I have different values for advbase/advskew. If the master server is booted first and the backup second, all is OK: the master becomes master and the backup is the backup server. But in case the backup is booted first, it becomes master, and after the real master is booted up it becomes backup. I am wondering how this is possible, as I set up lower values for advskew/advbase on the master to push it (in case it is alive in a normal environment) to always be master. And the master stays in backup state the whole time.

In the normal process, when the master boots first and then the slave, on both servers I have:

    ifconfig -g carp
    carp: carp demote count 0

Again, should these values not be different on master and backup?

If I reboot the master while the backup is on, after the master reboots I have on it:

    ifconfig -g carp
    carp: carp demote count 1

and it is marked as BACKUP. Also, I noticed that the master server after reboot is for a very short time marked as MASTER, and very quickly it switches again to BACKUP state.

I played with the carpdemote parameters on master/backup, and in this case:

BACKUP server:

    ifconfig -g carp
    carp: carp demote count 0

MASTER server:

    ifconfig -g carp
    carp: carp demote count 1

On the BACKUP server I do:

    ifconfig -g carp carpdemote 20

Then on the BACKUP server I have:

    ifconfig -g carp
    carp: carp demote count 20

and all traffic is switched from backup to master (tcpdump -i $ext_if shows that), which is what I expect, and that works normally. But after increasing carpdemote on the backup, the internal carp interface changes state to backup, while the external carp interface on the backup server remains MASTER, so in this situation I have two masters: on the backup and on the master server.

All works as expected and failover works correctly; only the above is very confusing for me.

Also, I noticed that the external carp device on both servers (master and backup) belongs to the egress interface group too. The carp interface is at the same time the default route interface, and I understand that. I tried to raise the carpdemote value for the egress group to be the same as for the carp group, but that did not help; I still have two masters on the external interfaces on master/backup.

Sorry for the long mail. If someone knows what could be the cause of this behaviour, they are more than welcome to write.

Thank you in advance,

Kind regards,
Arlen
