From owner-freebsd-net@FreeBSD.ORG  Mon Mar 10 02:29:54 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 07CD9106566B
	for <freebsd-net@freebsd.org>; Mon, 10 Mar 2008 02:29:54 +0000 (UTC)
	(envelope-from max@love2party.net)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.187])
	by mx1.freebsd.org (Postfix) with ESMTP id 9E8F38FC13
	for <freebsd-net@freebsd.org>; Mon, 10 Mar 2008 02:29:53 +0000 (UTC)
	(envelope-from max@love2party.net)
Received: from vampire.homelinux.org (dslb-088-066-038-140.pools.arcor-ip.net
	[88.66.38.140])
	by mrelayeu.kundenserver.de (node=mrelayeu2) with ESMTP (Nemesis)
	id 0MKwtQ-1JYXlv2nJi-0003og; Mon, 10 Mar 2008 03:29:52 +0100
Received: (qmail 95890 invoked by uid 80); 10 Mar 2008 02:29:17 -0000
Received: from 192.168.4.151 (SquirrelMail authenticated user mlaier)
	by router.laiers.local with HTTP;
	Mon, 10 Mar 2008 03:29:17 +0100 (CET)
Message-ID: <34558.192.168.4.151.1205116157.squirrel@router.laiers.local>
In-Reply-To: <006601c881d8$f4908490$6ac8a8c0@lan.dejong.biz>
References: <006601c881d8$f4908490$6ac8a8c0@lan.dejong.biz>
Date: Mon, 10 Mar 2008 03:29:17 +0100 (CET)
From: "Max Laier" <max@love2party.net>
To: "Wouter de Jong" <maddog2k@maddog2k.net>
User-Agent: SquirrelMail/1.4.13
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Provags-ID: V01U2FsdGVkX1/W42l+hORFD5kdzHRHjH9EeJLk91reArQlpkI
	8w6VxGnzpVv2ICy9CzB0YCoGhoxjo3yIK2Lhc7fUz0ArDBOC0f
	jQ5D+1MgBRO/8xaVC+9Yg==
Cc: freebsd-net@freebsd.org
Subject: Re: randomized CARP ip alias order -> breaks CARP (incorrect hash)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Mar 2008 02:29:54 -0000


Am So, 9.03.2008, 12:30, schrieb Wouter de Jong:
> (Sorry for double posting this to freebsd-questions before, but I think
> this
> place might be more appropriate).

indeed it is.

> We have 2 FreeBSD machines running as a firewall in a CARP+pf+pfsync
> setup.
> Worked great, however ..... last Friday I noticed something weird.
>
> I had to reboot the master machine, and when it came back ...
> one of the CARP addresses no longer worked.
>
> Looking in the logs, I got carp4: incorrect hash
>
> And looking at the carp interface .... both machines were running MASTER
> for
> this interface.
>
> Looking closer, I noticed my primary machine had this configuration :
>
> carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
>         inet 213.206.xx.62 netmask 0xfffffff0
>         inet 213.206.xx.49 netmask 0xfffffff0
>         carp: MASTER vhid 4 advbase 1 advskew 100
>
> and my secondary :
>
> carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
>         inet 213.206.xx.49 netmask 0xfffffff0
>         inet 213.206.xx.62 netmask 0xfffffff0
>         carp: MASTER vhid 4 advbase 1 advskew 100
>
> It swapped the carp alias alias (213.206.xx.62) to be the first address on
> the interface.

This has already been reported and I will look into it.  Could you,
however, please file a PR and CC me?  Just so I don't forget (again). 
Thanks.

> This was the only interface it happened.
>
> The config :
>
> primary:
> ##############################
> defaultrouter="213.206.yy.193"
> hostname="fw01.xxx.yyy"
>
> cloned_interfaces="carp0 carp1 carp2 carp3 carp4 carp5 carp6 carp7 carp8
> carp9 carp10 carp11 carp12 carp13 carp14 carp15 carp16 carp17 carp18
> carp19
> carp20 carp21 carp22 carp23 carp24 carp25 carp26 carp27 carp28"
>
> ifconfig_bge0="inet 213.206.yy.194  netmask 255.255.255.240"
> ifconfig_bge1="inet 213.206.xx.2  netmask 255.255.255.240"
> ifconfig_bge1_alias0="inet 213.206.xx.18  netmask 255.255.255.240"
> ifconfig_bge1_alias1="inet 213.206.xx.34  netmask 255.255.255.240"
> ifconfig_bge1_alias2="inet 213.206.xx.50  netmask 255.255.255.240"
> ifconfig_bge1_alias3="inet 213.206.xx.66  netmask 255.255.255.240"
> ifconfig_bge1_alias4="inet 213.206.xx.82  netmask 255.255.255.240"
> <etc,etc>
> ifconfig_carp0="vhid 255 pass blubVIP0255 213.206.yy.206/28"
> ifconfig_carp1="vhid 1 pass blubVIP0001 213.206.xx.1/28"
> ifconfig_carp2="vhid 2 pass blubVIP0002 213.206.xx.17/28"
> ifconfig_carp2_alias0="vhid 2 pass blubVIP0002 213.206.xx.30/28"
> ifconfig_carp3="vhid 3 pass blubVIP0003 213.206.xx.33/28"
> ifconfig_carp4="vhid 4 pass blubVIP0004 213.206.xx.49/28"
> ifconfig_carp4_alias0="vhid 4 pass blubVIP0004 213.206.xx.62/28"
> ifconfig_carp5="vhid 5 pass blubVIP0005 213.206.xx.65/28"
> ifconfig_carp6="vhid 6 pass blubVIP0006 213.206.xx.81/28"
> ##############################
>
> secondary:
> ##############################
> defaultrouter="213.206.yy.193"
> hostname="fw02.xxx.yyy"
>
> cloned_interfaces="carp0 carp1 carp2 carp3 carp4 carp5 carp6 carp7 carp8
> carp9 carp10 carp11 carp12 carp13 carp14 carp15 carp16 carp17 carp18
> carp19
> carp20 carp21 carp22 carp23 carp24 carp25 carp26 carp27 carp28"
>
> ifconfig_bge0="inet 213.206.yy.195  netmask 255.255.255.240"
> ifconfig_bge1="inet 213.206.xx.3  netmask 255.255.255.240"
> ifconfig_bge1_alias0="inet 213.206.xx.19  netmask 255.255.255.240"
> ifconfig_bge1_alias1="inet 213.206.xx.35  netmask 255.255.255.240"
> ifconfig_bge1_alias2="inet 213.206.xx.51  netmask 255.255.255.240"
> ifconfig_bge1_alias3="inet 213.206.xx.67  netmask 255.255.255.240"
> ifconfig_bge1_alias4="inet 213.206.xx.83  netmask 255.255.255.240"
> <etc,etc>
> ifconfig_carp0="vhid 255 advskew 100 pass blubVIP0255 213.206.yy.206/28"
> ifconfig_carp1="vhid 1 advskew 100 pass blubVIP0001 213.206.xx.1/28"
> ifconfig_carp2="vhid 2 advskew 100 pass blubVIP0002 213.206.xx.17/28"
> ifconfig_carp2_alias0="vhid 2 advskew 100 pass blubVIP0002
> 213.206.xx.30/28"
> ifconfig_carp3="vhid 3 advskew 100 pass blubVIP0003 213.206.xx.33/28"
> ifconfig_carp4="vhid 4 advskew 100 pass blubVIP0004 213.206.xx.49/28"
> ifconfig_carp4_alias0="vhid 4 advskew 100 pass blubVIP0004
> 213.206.xx.62/28"
> ifconfig_carp5="vhid 5 advskew 100 pass blubVIP0005 213.206.xx.65/28"
> ifconfig_carp6="vhid 6 advskew 100 pass blubVIP0006 213.206.xx.81/28"
> ##############################
>
> After rebooting the secondary, it still gave me incorrect hash.
> But, it gave me the same thing on carp2 now. ... however, here the
> secondary
> had the carp2_alias0 listed as first,
> where as the primary had the carp2 as first, and the carp2_alias0 as
> second
> address.
>
> How can this ever happen ? And what can I do to (manually) prevent this ?
>
> Now I'm redundant .... but I must pray that the addresses will come up in
> the same order.
>
> Never had this issue on FreeBSD 6.x, but now I'm running FreeBSD
> 7.0-RELEASE.
>
> Help ! :)
>
> At lease one person on freebsd-questions observes the same thing...(both
> with 6.x and 7.x)
>
>
> Kind regards,
>
> Wouter de Jong
> The Netherlands
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
>


-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News