Date: Fri, 17 Oct 2008 16:37:18 -0700
From: Christopher Cowart <ccowart@rescomp.berkeley.edu>
To: Mike Sweetser - Adhost <mikesw@adhost.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Oddities with VLAN/CARP Interfaces on Primary/Failover Setup
Message-ID: <20081017233718.GQ66228@hal.rescomp.berkeley.edu>
In-Reply-To: <17838240D9A5544AAA5FF95F8D52031604D8C217@ad-exh01.adhost.lan>
References: <17838240D9A5544AAA5FF95F8D52031604D8C217@ad-exh01.adhost.lan>

Mike Sweetser - Adhost wrote:
> We currently have a primary/failover setup for two FreeBSD 6.3 servers
> running PF, and we're running into odd issues when setting up multiple
> subnets on a single VLAN and CARP interface. We have issues with them
> coming up properly, and even worse, having both servers believe they are
> master.

If both instances think they're MASTER, make sure you're allowing the
multicast traffic for syncing state (in ipfw):

| allow carp from $partner to 224.0.0.18 in via $iface

Carp is protocol 112 from /etc/protocols.

> Here's a snippet of one of the VLANs and CARP interfaces in question:
>
> ifconfig_vlan10="inet 10.142.255.252 netmask 255.255.0.0 vlan 10 vlandev em2"
> ifconfig_vlan10_alias0="inet 10.210.0.2 netmask 255.255.0.0"
> ifconfig_carp10="inet 10.142.255.254 netmask 255.255.0.0 vhid 10 advskew 0 pass testpass"
> ifconfig_carp10_alias0="inet 10.210.0.1 netmask 255.255.0.0"
>
> The main difference between this and our other VLAN/CARP interfaces is
> that because it's separate subnets, the aliases here are set up with /16
> netmasks, while the regular aliases on the others are set up with /32s.
> Is this correct, or should these also be set as /32s?

It's correct. If you did a /32 on the alias, your system would have no
way of knowing how large the second subnet is. The /32 netmask is for
adding an alias on the same subnet.

I'm not sure carp can work correctly with aliases. Have you tried
creating a separate vhid instance per subnet?

For example:

| ifconfig_vlan10="inet 10.142.255.252 netmask 255.255.0.0 vlan 10 vlandev em2"
| ifconfig_vlan10_alias0="inet 10.210.0.2 netmask 255.255.0.0"
| ifconfig_carp10="inet 10.142.255.254 netmask 255.255.0.0 vhid 10 advskew 0 pass testpass"
| ifconfig_carp11="inet 10.210.0.1 netmask 255.255.0.0 vhid 11 advskew 0 pass testpass"

--
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
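
The netmask rule and the per-subnet vhid suggestion from the reply above, as an added example that is not part of the original message: a Python check over rc.conf-style ifconfig_ lines. The function names are hypothetical, the sample is constructed from the lines quoted in the thread, and dotted-quad netmasks are assumed.

```python
import ipaddress
import re

# Constructed sample: the rc.conf lines quoted in the thread (alias on carp10).
SAMPLE = '''
ifconfig_vlan10="inet 10.142.255.252 netmask 255.255.0.0 vlan 10 vlandev em2"
ifconfig_vlan10_alias0="inet 10.210.0.2 netmask 255.255.0.0"
ifconfig_carp10="inet 10.142.255.254 netmask 255.255.0.0 vhid 10 advskew 0 pass testpass"
ifconfig_carp10_alias0="inet 10.210.0.1 netmask 255.255.0.0"
'''

LINE = re.compile(r'^ifconfig_([a-z]+\d+)(_alias\d+)?="(.*)"\s*$')
INET = re.compile(r'\binet (\S+) netmask (\S+)')

def parse(text):
    """Return {ifname: [(is_alias, IPv4Interface), ...]} from rc.conf text."""
    ifaces = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        addr = m and INET.search(m.group(3))
        if not addr:
            continue
        ip = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
        ifaces.setdefault(m.group(1), []).append((bool(m.group(2)), ip))
    return ifaces

def lint(text):
    """Apply the reply's netmask rule and vhid suggestion; return findings."""
    findings = []
    for name, addrs in parse(text).items():
        primaries = [ip for is_alias, ip in addrs if not is_alias]
        for is_alias, ip in addrs:
            if not is_alias:
                continue
            same = any(ip.ip in p.network for p in primaries)
            if same and ip.network.prefixlen != 32:
                findings.append(f"{name}: alias {ip.ip} shares the primary subnet, use /32")
            if not same and ip.network.prefixlen == 32:
                findings.append(f"{name}: alias {ip.ip} is a new subnet, /32 hides its size")
            if not same and name.startswith("carp"):
                findings.append(f"{name}: alias {ip.ip} is a second subnet, try its own vhid")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the sample it reports only the carp10 alias; the vlan10 alias passes because a second subnet needs its real netmask.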