From owner-freebsd-stable@FreeBSD.ORG Thu Sep 15 16:39:37 2011 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 85A03106564A for ; Thu, 15 Sep 2011 16:39:37 +0000 (UTC) (envelope-from lavalamp@probikesllc.com) Received: from relay01.pair.com (relay01.pair.com [209.68.5.15]) by mx1.freebsd.org (Postfix) with SMTP id 30CAC8FC15 for ; Thu, 15 Sep 2011 16:39:36 +0000 (UTC) Received: (qmail 4470 invoked from network); 15 Sep 2011 16:12:55 -0000 Received: from 216.151.95.152 (HELO vger.digitalfreaks.org) (216.151.95.152) by relay01.pair.com with SMTP; 15 Sep 2011 16:12:55 -0000 X-pair-Authenticated: 216.151.95.152 Date: Thu, 15 Sep 2011 12:12:55 -0400 (EDT) From: "Brian Seklecki (Mobile)" X-X-Sender: lavalamp@vger.digitalfreaks.org To: Damien Fleuriot In-Reply-To: <4E7218A4.4000205@my.gd> Message-ID: References: <4E71C059.5060404@hi-media.com> <4E7218A4.4000205@my.gd> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: "freebsd-stable@freebsd.org" Subject: Re: CARP interfaces and mastership issue X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Sep 2011 16:39:37 -0000 > Things went smoothly but when we brought the production VLANs up again > at layer 2 on the switches, when spanning-tree converged we had again a > double MASTER problem. > In older versions of FBSD, creating logical interfaces like vlan(4) and carp(4) had an nasty inadvertent side effect of toggling the state of the underlying phyiscal interface. This may be fixed in newer version. This would then then cause STP to reset on the switchport which can take up to 50 seconds to restore. In the mean time, the backup host hasn't heard from the master and assume the role of master. You can try turning on switchport spanning-tree portfast on your backup system which should cut down this time signifantly. If you can assure that no STP BPDUs will be announced from your CARP system, then its probably safe to run PortFast on a trunk. The same is true after a reboot. Maybe hack the RC script to force the CARP interfaces on your backup to stay down at boot time for an extra 10/15 seconds ~BAS > I understand I could have avoided it by destroying/recreating the CARP > interfaces, but even in this case there is a split second during which > both firewalls are CARP MASTER. > > > > > Is there any way to force CARP to assume INIT state for some time when > coming up, and only after X seconds either become MASTER or BACKUP ? > > Any other idea how to solve this, guys ? > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >