Date: Thu, 22 Dec 2016 15:16:27 +0100 From: Andrea Venturoli <ml@netfence.it> To: freebsd-net@freebsd.org Subject: CARP troubles with 10.x Message-ID: <248d8949-87f0-dfec-cf2d-171f5bcf4670@netfence.it>
next in thread | raw e-mail | index | archive | help
Hello. I've been using CARP for years and I'm only getting troubles since a week or so. My setup is as follows: > |re0=10.1.2.13/10.1.2.127 fw1 fxp0=192.168.124.3| > |client re0=10.1.2.18| --- --- |192.168.124.1 router WAN| > |re0=10.1.2.15/10.1.2.127 fw2 fxp0=192.168.124.2| Client, fw1 and fw2 are FreeBSD 10.3 with the latest patches. On fw1 I have: > ifconfig_re0="inet 10.1.2.13 netmask 255.255.255.0" > ifconfig_re0_alias0="vhid 1 advskew 100 pass xxxxxx inet 10.1.2.127" > ifconfig_fxp0="inet 192.168.124.3 netmask 255.255.255.0 -tso" On fw2 I have: > ifconfig_re0="inet 10.1.2.15 netmask 255.255.255.0" > ifconfig_re0_alias0="vhid 1 pass xxxxxx inet 10.1.2.127" > ifconfig_fxp0="192.168.124.2 netmask 255.255.255.0 -tso" "client"'s gateway is 10.1.2.127. Problem is, I start ssh sessions to some external hosts from "client"; fw1 and fw2 run stateful ipfw rules and ssh is configured to use keep-alives. After a while my ssh session will stop responding and later time out; restarting them works immediately (for a while). Digging the two firewalls' logs, I saw that the connections normally go out through fw2 (which is expected due to advskew on fw1), but at some point will switch to fw1 for no reason (no network event I'm aware of has happened). Nothing is in the logs about a CARP status change on both fw1 and fw2 (net.inet.carp.log=1). Any help is appreciated, but first thing that puzzles me is that "tcpdump -l -i re0 carp" shows absolutely nothing. Shouldn't this log the CARP advertisement packets? bye & Thanks av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?248d8949-87f0-dfec-cf2d-171f5bcf4670>