From: david robertson
To: freebsd-net@freebsd.org
Date: Sat, 12 Apr 2008 13:23:33 -0400
Subject: bridge interface down, yet still bridging?

I've got an issue that only crops up every so often (every few months), and it's theoretically impossible. I've got two FreeBSD 6.2 firewalls in a failover state, using bridging (I don't control .1, and don't have a choice). I use ifstated and carp to monitor which one is master, and which is slave. The slave has the bridge0 interface down, and the master has it up.

On to the issue: Last night the problem came back: the network looped via the bridges, even though the bridge interface on the backup failover was in a 'down' state. The loop was verified by our hosting company; the two uplink ports that the firewalls are in were doing the exact same amount of traffic inbound and outbound - definitely a loop. As soon as they disabled one of the firewall ports, everything went back to normal. At this point, I verified the bridge interface was in fact down on the failover firewall. Hosting company turned back on the port, and blam - loop. Has anyone ever come across this specific issue before?