From owner-freebsd-net@FreeBSD.ORG Mon Mar 10 02:29:54 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 07CD9106566B for ; Mon, 10 Mar 2008 02:29:54 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187]) by mx1.freebsd.org (Postfix) with ESMTP id 9E8F38FC13 for ; Mon, 10 Mar 2008 02:29:53 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-066-038-140.pools.arcor-ip.net [88.66.38.140]) by mrelayeu.kundenserver.de (node=mrelayeu2) with ESMTP (Nemesis) id 0MKwtQ-1JYXlv2nJi-0003og; Mon, 10 Mar 2008 03:29:52 +0100 Received: (qmail 95890 invoked by uid 80); 10 Mar 2008 02:29:17 -0000 Received: from 192.168.4.151 (SquirrelMail authenticated user mlaier) by router.laiers.local with HTTP; Mon, 10 Mar 2008 03:29:17 +0100 (CET) Message-ID: <34558.192.168.4.151.1205116157.squirrel@router.laiers.local> In-Reply-To: <006601c881d8$f4908490$6ac8a8c0@lan.dejong.biz> References: <006601c881d8$f4908490$6ac8a8c0@lan.dejong.biz> Date: Mon, 10 Mar 2008 03:29:17 +0100 (CET) From: "Max Laier" To: "Wouter de Jong" User-Agent: SquirrelMail/1.4.13 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Provags-ID: V01U2FsdGVkX1/W42l+hORFD5kdzHRHjH9EeJLk91reArQlpkI 8w6VxGnzpVv2ICy9CzB0YCoGhoxjo3yIK2Lhc7fUz0ArDBOC0f jQ5D+1MgBRO/8xaVC+9Yg== Cc: freebsd-net@freebsd.org Subject: Re: randomized CARP ip alias order -> breaks CARP (incorrect hash) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Mar 2008 02:29:54 -0000 Am So, 9.03.2008, 12:30, schrieb Wouter de Jong: > (Sorry for double posting this to freebsd-questions before, but I think > this > place might be more appropriate). indeed it is. > We have 2 FreeBSD machines running as a firewall in a CARP+pf+pfsync > setup. > Worked great, however ..... last Friday I noticed something weird. > > I had to reboot the master machine, and when it came back ... > one of the CARP addresses no longer worked. > > Looking in the logs, I got carp4: incorrect hash > > And looking at the carp interface .... both machines were running MASTER > for > this interface. > > Looking closer, I noticed my primary machine had this configuration : > > carp4: flags=49 metric 0 mtu 1500 > inet 213.206.xx.62 netmask 0xfffffff0 > inet 213.206.xx.49 netmask 0xfffffff0 > carp: MASTER vhid 4 advbase 1 advskew 100 > > and my secondary : > > carp4: flags=49 metric 0 mtu 1500 > inet 213.206.xx.49 netmask 0xfffffff0 > inet 213.206.xx.62 netmask 0xfffffff0 > carp: MASTER vhid 4 advbase 1 advskew 100 > > It swapped the carp alias alias (213.206.xx.62) to be the first address on > the interface. This has already been reported and I will look into it. Could you, however, please file a PR and CC me? Just so I don't forget (again). Thanks. > This was the only interface it happened. > > The config : > > primary: > ############################## > defaultrouter="213.206.yy.193" > hostname="fw01.xxx.yyy" > > cloned_interfaces="carp0 carp1 carp2 carp3 carp4 carp5 carp6 carp7 carp8 > carp9 carp10 carp11 carp12 carp13 carp14 carp15 carp16 carp17 carp18 > carp19 > carp20 carp21 carp22 carp23 carp24 carp25 carp26 carp27 carp28" > > ifconfig_bge0="inet 213.206.yy.194 netmask 255.255.255.240" > ifconfig_bge1="inet 213.206.xx.2 netmask 255.255.255.240" > ifconfig_bge1_alias0="inet 213.206.xx.18 netmask 255.255.255.240" > ifconfig_bge1_alias1="inet 213.206.xx.34 netmask 255.255.255.240" > ifconfig_bge1_alias2="inet 213.206.xx.50 netmask 255.255.255.240" > ifconfig_bge1_alias3="inet 213.206.xx.66 netmask 255.255.255.240" > ifconfig_bge1_alias4="inet 213.206.xx.82 netmask 255.255.255.240" > > ifconfig_carp0="vhid 255 pass blubVIP0255 213.206.yy.206/28" > ifconfig_carp1="vhid 1 pass blubVIP0001 213.206.xx.1/28" > ifconfig_carp2="vhid 2 pass blubVIP0002 213.206.xx.17/28" > ifconfig_carp2_alias0="vhid 2 pass blubVIP0002 213.206.xx.30/28" > ifconfig_carp3="vhid 3 pass blubVIP0003 213.206.xx.33/28" > ifconfig_carp4="vhid 4 pass blubVIP0004 213.206.xx.49/28" > ifconfig_carp4_alias0="vhid 4 pass blubVIP0004 213.206.xx.62/28" > ifconfig_carp5="vhid 5 pass blubVIP0005 213.206.xx.65/28" > ifconfig_carp6="vhid 6 pass blubVIP0006 213.206.xx.81/28" > ############################## > > secondary: > ############################## > defaultrouter="213.206.yy.193" > hostname="fw02.xxx.yyy" > > cloned_interfaces="carp0 carp1 carp2 carp3 carp4 carp5 carp6 carp7 carp8 > carp9 carp10 carp11 carp12 carp13 carp14 carp15 carp16 carp17 carp18 > carp19 > carp20 carp21 carp22 carp23 carp24 carp25 carp26 carp27 carp28" > > ifconfig_bge0="inet 213.206.yy.195 netmask 255.255.255.240" > ifconfig_bge1="inet 213.206.xx.3 netmask 255.255.255.240" > ifconfig_bge1_alias0="inet 213.206.xx.19 netmask 255.255.255.240" > ifconfig_bge1_alias1="inet 213.206.xx.35 netmask 255.255.255.240" > ifconfig_bge1_alias2="inet 213.206.xx.51 netmask 255.255.255.240" > ifconfig_bge1_alias3="inet 213.206.xx.67 netmask 255.255.255.240" > ifconfig_bge1_alias4="inet 213.206.xx.83 netmask 255.255.255.240" > > ifconfig_carp0="vhid 255 advskew 100 pass blubVIP0255 213.206.yy.206/28" > ifconfig_carp1="vhid 1 advskew 100 pass blubVIP0001 213.206.xx.1/28" > ifconfig_carp2="vhid 2 advskew 100 pass blubVIP0002 213.206.xx.17/28" > ifconfig_carp2_alias0="vhid 2 advskew 100 pass blubVIP0002 > 213.206.xx.30/28" > ifconfig_carp3="vhid 3 advskew 100 pass blubVIP0003 213.206.xx.33/28" > ifconfig_carp4="vhid 4 advskew 100 pass blubVIP0004 213.206.xx.49/28" > ifconfig_carp4_alias0="vhid 4 advskew 100 pass blubVIP0004 > 213.206.xx.62/28" > ifconfig_carp5="vhid 5 advskew 100 pass blubVIP0005 213.206.xx.65/28" > ifconfig_carp6="vhid 6 advskew 100 pass blubVIP0006 213.206.xx.81/28" > ############################## > > After rebooting the secondary, it still gave me incorrect hash. > But, it gave me the same thing on carp2 now. ... however, here the > secondary > had the carp2_alias0 listed as first, > where as the primary had the carp2 as first, and the carp2_alias0 as > second > address. > > How can this ever happen ? And what can I do to (manually) prevent this ? > > Now I'm redundant .... but I must pray that the addresses will come up in > the same order. > > Never had this issue on FreeBSD 6.x, but now I'm running FreeBSD > 7.0-RELEASE. > > Help ! :) > > At lease one person on freebsd-questions observes the same thing...(both > with 6.x and 7.x) > > > Kind regards, > > Wouter de Jong > The Netherlands > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News