From: Andrea Venturoli
Subject: CARP troubles with 10.x
To: freebsd-net@freebsd.org
Date: Thu, 22 Dec 2016 15:16:27 +0100

Hello.

I've been using CARP for years and have only been having trouble for a week or so.
My setup is as follows:

> |re0=10.1.2.13/10.1.2.127 fw1 fxp0=192.168.124.3|
> |client re0=10.1.2.18| --- --- |192.168.124.1 router WAN|
> |re0=10.1.2.15/10.1.2.127 fw2 fxp0=192.168.124.2|

Client, fw1 and fw2 are FreeBSD 10.3 with the latest patches.

On fw1 I have:

> ifconfig_re0="inet 10.1.2.13 netmask 255.255.255.0"
> ifconfig_re0_alias0="vhid 1 advskew 100 pass xxxxxx inet 10.1.2.127"
> ifconfig_fxp0="inet 192.168.124.3 netmask 255.255.255.0 -tso"

On fw2 I have:

> ifconfig_re0="inet 10.1.2.15 netmask 255.255.255.0"
> ifconfig_re0_alias0="vhid 1 pass xxxxxx inet 10.1.2.127"
> ifconfig_fxp0="192.168.124.2 netmask 255.255.255.0 -tso"

"client"'s gateway is 10.1.2.127.

The problem is, I start ssh sessions to some external hosts from "client"; fw1 and fw2 run stateful ipfw rules and ssh is configured to use keep-alives.
After a while my ssh sessions will stop responding and later time out; restarting them works immediately (for a while).

Digging through the two firewalls' logs, I saw that the connections normally go out through fw2 (which is expected due to advskew on fw1), but at some point will switch to fw1 for no reason (no network event I'm aware of has happened).
Nothing is in the logs about a CARP status change on either fw1 or fw2 (net.inet.carp.log=1).

Any help is appreciated, but the first thing that puzzles me is that "tcpdump -l -i re0 carp" shows absolutely nothing. Shouldn't this log the CARP advertisement packets?

bye & Thanks
av.