From owner-freebsd-net@FreeBSD.ORG Wed Oct 5 06:20:34 2011
From: alexander lunyov
Date: Wed, 5 Oct 2011 09:53:19 +0400
To: freebsd-net@freebsd.org
Subject: carp on bridge interface: INIT

I need to make a scheme like this work: http://i.imgur.com/1xsXX.png

So, I have 3 servers: in, out1 and out2. out1 and out2 are plugged into one switched environment, so they can see each other on layer 2, which is bad for me, because they can create a switching loop in some cases. out1 and out2 connect with OpenVPN to "in" in a bridged configuration; the tap interfaces have no addresses.
Then I create bridge interfaces on all servers, add only the tap0 interface to bridge0 on each server, and configure each bridge0 interface with an address from the 10.0.0.0/24 subnet. At this point everything is working and the servers can ping each other's 10.0.0.0/24 addresses.

Then I want to make carp work on out1 and out2 on the bridge0-tap0 pair, but if I configure the carp0 interface to work in the 10.0.0.0/24 subnet, it stays in INIT state forever. So this is my first question: why won't carp work on the bridge0-tap0 interface?

If I bridge the tap0 and em0 interfaces on out1 and out2, then carp on both servers gets into MASTER state, I get a switching loop, and when I use tcpdump on the bridge0 interfaces (-i bridge0 net 10.0.0.0/24), on out1 I see ONLY vrrp advertisements from out2 (no advertisements from out1), on out2 bridge0 I see ONLY advertisements from out1, and on "in" bridge0 I see advertisements from both servers, and nothing is working.

So, here's the second question: how do I make things work in this case? STP? But how do I configure it, and which interfaces should I put into STP? And will my precious carp work with STP?

Thank you for your attention.

--
your sweet isn't ready yet