From owner-freebsd-stable@freebsd.org  Wed Mar  1 01:04:29 2017
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9E132CF2265
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Wed,  1 Mar 2017 01:04:29 +0000 (UTC)
 (envelope-from fjwcash@gmail.com)
Received: from mail-qk0-x234.google.com (mail-qk0-x234.google.com
 [IPv6:2607:f8b0:400d:c09::234])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 5953A1B6
 for <freebsd-stable@freebsd.org>; Wed,  1 Mar 2017 01:04:29 +0000 (UTC)
 (envelope-from fjwcash@gmail.com)
Received: by mail-qk0-x234.google.com with SMTP id n186so45706382qkb.3
 for <freebsd-stable@freebsd.org>; Tue, 28 Feb 2017 17:04:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=nUb3JElOAlaOk/LkpL4XvrAX9VTO2vFJN5pR8q4CGVw=;
 b=Z68x4QPdH2ZVrNAXH7ZS6p9Ep8ozuqWKFNNTVzMMqku+DMkAizkaeqmz2EtNpV1HRP
 6iIUBVG7XMQQDdufx1ud5vBpCWsEq1MQfj+3/miqIVChY6hv4+HUGAPCOYefMpNxVmNZ
 ClAchsyJ90pGYsz3W+wKHujYECIfWNHX2xnp7+9mJGNtrcw70VPNEJtXkaNxYKXedCp+
 49rrYbI0lJm4zN0/L0Vnow9aq9iN1p4HUzKuPONyRHIi7mESWYaiinMW7g1AEO6LnJ4p
 GOgSYJu4D6V+nzQLHKaLVbb5N3Bfqvae0PB+NbWbNeuXL9xSw/OOJlAhXoqnjhK5BZ0u
 UDuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=nUb3JElOAlaOk/LkpL4XvrAX9VTO2vFJN5pR8q4CGVw=;
 b=MloKYZlU5iTLJiO5EEZm/TOcRz6a+5JsWxfUf7XpFVyx6hI/SZRLfPiXHxSVjztf8M
 FHdWnNYwV1Mkkd2R7wRJc2uWG5a4gzdf7KlfG9FgqtEbKXMdGkp/4qbH6mkRelQtpZhJ
 GotA84WZZxxRB307KHVsQ10WuALTo9qt5TmQ+OGg85cO23HoUPRe5FxNTRvXCnyyB+FW
 2pPO4Aqw6nT8GG4KwY9HtMNTQ4VTznU4gPWF7k4GG2FF3UGicfU2M+X2Eh/sD6/3rkm+
 LeEP1moR3tdx2oFvPqef3PGjYFC8bWsz9IkQ9uFTZktFhiSAAPb5bWI3lXEzlq4Qgbkt
 91BA==
X-Gm-Message-State: AMke39nQ8++/FgUW2BhoK2ufUF0F5LHCCeBw8lKvsMyGanlDMhh72C2syKIaPhMJHUd4MCrK0Cp8b/L1d6oaWw==
X-Received: by 10.237.34.59 with SMTP id n56mr6722798qtc.231.1488330268379;
 Tue, 28 Feb 2017 17:04:28 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.28.202 with HTTP; Tue, 28 Feb 2017 17:04:27 -0800 (PST)
Received: by 10.140.28.202 with HTTP; Tue, 28 Feb 2017 17:04:27 -0800 (PST)
In-Reply-To: <cceefde6-5bef-0900-3f0a-e84b161c8ef4@ish.com.au>
References: <cceefde6-5bef-0900-3f0a-e84b161c8ef4@ish.com.au>
From: Freddie Cash <fjwcash@gmail.com>
Date: Tue, 28 Feb 2017 17:04:27 -0800
Message-ID: <CAOjFWZ5O9xvS3sZCEO-5M+u1yWaijnRhD4CwKRW7UeNJMtvk=A@mail.gmail.com>
Subject: Re: CARP forcing failover
To: Aristedes Maniatis <ari@ish.com.au>
Cc: FreeBSD Stable <freebsd-stable@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Mar 2017 01:04:29 -0000

Do you have the preemption sysctl enabled? That will fail-over all carp
interfaces when any one fails.

"sysctl -a | grep carp"

I'm pretty sure there's also an ifconfig command to force the state as
either master or backup. Check the man page.


On Feb 28, 2017 5:01 PM, "Aristedes Maniatis" <ari@ish.com.au> wrote:

> I have a pair network gateway boxes running FreeBSD 11 and pf. Upstream
> runs VRRP to provide redundant links, one to each gateway. Internally I'm
> using CARP for failover.
>
> All works well, but I find that manually failing over the link is a bit
> complicated. In short I have this:
>
> em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
> mtu 1500
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
>         carp: BACKUP vhid 1 advbase 1 advskew 50
> igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
> mtu 1500
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
>         carp: BACKUP vhid 2 advbase 1 advskew 50
> igb0.2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
> 0 mtu 1500
>         status: active
>         vlan: 2 vlanpcp: 0 parent interface: igb0
>         carp: BACKUP vhid 3 advbase 1 advskew 50
>         groups: vlan
>
> That's two internal vlans and one external network. Each interface has its
> own vhid since that's the advice I had in the past.
>
> Now, what command can I type that I could run remotely (SSH over the em0
> link) to force all the CARP addresses simultaneously to decrease the
> advskew and become MASTER. Alternatively I could run something on the
> MASTER to make it BACKUP. Everything I've done so far is one command per
> interface which has got me in trouble before as I manage to accidentally
> remove my own access to the box before I'm done.
>
> Cheers
> Ari
>
> please cc me.
>
> --
> -------------------------->
> Aristedes Maniatis
> CEO, ish
> https://www.ish.com.au
> GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A
>
>