From owner-freebsd-stable@freebsd.org Wed Mar 1 01:01:04 2017 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B5D50CF20BE for ; Wed, 1 Mar 2017 01:01:04 +0000 (UTC) (envelope-from prvs=02331596ec=ari@ish.com.au) Received: from fish.ish.com.au (202-161-115-54.static.tpgi.com.au [202.161.115.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7D790DED for ; Wed, 1 Mar 2017 01:01:03 +0000 (UTC) (envelope-from prvs=02331596ec=ari@ish.com.au) Received: from ip-136.ish.com.au ([203.29.62.136]:52654) by fish.ish.com.au with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1cisau-0000a5-1p for freebsd-stable@freebsd.org; Wed, 01 Mar 2017 11:58:16 +1100 To: freebsd-stable From: Aristedes Maniatis Subject: CARP forcing failover Message-ID: Date: Wed, 1 Mar 2017 11:58:13 +1100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FIB0n9UMiQ5g87f9oRhhxrnjCxN3q7B45" X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 01:01:04 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --FIB0n9UMiQ5g87f9oRhhxrnjCxN3q7B45 Content-Type: multipart/mixed; boundary="dW0clSgju8NbpbR1wrbSTgcd6eJHkklb6"; protected-headers="v1" From: Aristedes Maniatis To: freebsd-stable Message-ID: Subject: CARP forcing failover --dW0clSgju8NbpbR1wrbSTgcd6eJHkklb6 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I have a pair network gateway boxes running FreeBSD 11 and pf. Upstream r= uns VRRP to provide redundant links, one to each gateway. Internally I'm = using CARP for failover. All works well, but I find that manually failing over the link is a bit c= omplicated. In short I have this: em0: flags=3D8943 metric = 0 mtu 1500 media: Ethernet autoselect (100baseTX ) status: active carp: BACKUP vhid 1 advbase 1 advskew 50 igb0: flags=3D8943 metric= 0 mtu 1500 media: Ethernet autoselect (1000baseT ) status: active carp: BACKUP vhid 2 advbase 1 advskew 50 igb0.2: flags=3D8943 metr= ic 0 mtu 1500 status: active vlan: 2 vlanpcp: 0 parent interface: igb0 carp: BACKUP vhid 3 advbase 1 advskew 50 groups: vlan That's two internal vlans and one external network. Each interface has it= s own vhid since that's the advice I had in the past. Now, what command can I type that I could run remotely (SSH over the em0 = link) to force all the CARP addresses simultaneously to decrease the advs= kew and become MASTER. Alternatively I could run something on the MASTER = to make it BACKUP. Everything I've done so far is one command per interfa= ce which has got me in trouble before as I manage to accidentally remove = my own access to the box before I'm done. Cheers Ari please cc me. --=20 --------------------------> Aristedes Maniatis CEO, ish https://www.ish.com.au GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A --dW0clSgju8NbpbR1wrbSTgcd6eJHkklb6-- --FIB0n9UMiQ5g87f9oRhhxrnjCxN3q7B45 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAli2HKYACgkQ72p9Lj5JECqwlQCfStZyQE4khxiIKcWy4BfJoFeg MLEAn38ykZSpXqin+25QnYuRnoOTYKQM =H//8 -----END PGP SIGNATURE----- --FIB0n9UMiQ5g87f9oRhhxrnjCxN3q7B45--