From: Milan Obuch
To: freebsd-net@freebsd.org
Date: Thu, 18 Oct 2007 22:55:46 +0200
Subject: Re: packet loss with carp on 6.2

On Thursday 18 October 2007 14:32:13 Milan Obuch wrote:
> On Thursday 18 October 2007 12:50:19 Max Laier wrote:
> > On Thursday 18 October 2007, Klavs Klavsen wrote:
> > > I tried to just disable carp on the new machine (simply comment out
> > > carp config from /etc/rc.conf.local) and now the packet loss is gone -
> > > and hasn't been there for half an hour, so far.
> >
> > I supposed you also had to change your firewall rules?  Otherwise your
> > ruleset might not be ready to deal with carp and that could be the reason
> > why you get the bad results?  Start debugging by looking at "netstat -ssp
> > carp" on either machine and take a careful look at your pf.conf.  I also
> > suggest that you add "log" to all your block rules and watch tcpdump on
> > pflog0 while pinging.
> >
> > > Seems the carp network interfaces has bugs.
> >
> > That's a pretty bold assertion given the limited debugging you have
> > done ;)
>
> I am experiencing something similar. I am trying to put together two PC
> firewall with failover. My rc.conf has following lines
>

[ snip ]

I did even simpler test: one firewall with one switch.

ifconfig fxp0 10.0.0.1/26
ifconfig carp0 create
ifconfig carp0 10.0.0.2/26 vhid ... pass ...

switch has IP 10.0.0.3

ping -S 10.0.0.1 10.0.0.3
works, no loss.

ping -S 10.0.0.2 10.0.0.3
does not work well, ~ 80 % packet loss.

This seems unusable to me. I see no simpler test right now...

Regards,
Milan

--
No need to mail me directly. Just reply to mailing list, please.