From owner-freebsd-stable@FreeBSD.ORG Wed Aug 24 09:02:17 2011 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9EF09106564A for ; Wed, 24 Aug 2011 09:02:17 +0000 (UTC) (envelope-from daniel@digsys.bg) Received: from smtp-sofia.digsys.bg (smtp-sofia.digsys.bg [193.68.3.230]) by mx1.freebsd.org (Postfix) with ESMTP id 30D2A8FC13 for ; Wed, 24 Aug 2011 09:02:16 +0000 (UTC) Received: from dcave.digsys.bg (dcave.digsys.bg [192.92.129.5]) (authenticated bits=0) by smtp-sofia.digsys.bg (8.14.4/8.14.4) with ESMTP id p7O926Eq019003 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Wed, 24 Aug 2011 12:02:13 +0300 (EEST) (envelope-from daniel@digsys.bg) Message-ID: <4E54BE0D.5000608@digsys.bg> Date: Wed, 24 Aug 2011 12:02:05 +0300 From: Daniel Kalchev User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:6.0) Gecko/20110822 Thunderbird/6.0 MIME-Version: 1.0 To: FreeBSD-STABLE Mailing List Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit Subject: CARP up at boot X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Aug 2011 09:02:17 -0000 I am trying to use a CARP/HAST setup for redundancy and reply on devd for the carp up/down events to trigger role switch for the nodes. What is interesting is that upon reboot, the CARP interface always first comes up, like this: carp0: link state changed to UP carp0: MASTER -> BACKUP (more frequent advertisement received) carp0: link state changed to DOWN This causes devd to execute the event scripts as 'master' first, then shortly after execute the script as 'backup'. This may cause undesired writing to the hast providers and possibly split-brain condition. What is worse, on two hosts with the same advskew value if you reboot the BACKUP server, it would become MASTER. This results in all services teardown and starting them again on the new master. I understand that for routers, which is the original design goal for CARP it does not matter much if roles switch from time to time, but for high-latency startup systems, this is not desirable. It is best when a node becomes MASTER it stays MASTER until failure and not change state when the other node is rebooted. Perhaps CARP and devd are not the best tool, but it will help if at least the carp interface does not start as MASTER and if it waits longer, before requesting to become MASTER after reboot.