From: Mark Felder
Date: Wed, 29 Jan 2014 18:55:16 -0600
Subject: Re: carp and rtadvd
To: Ole Myhre
Cc: FreeBSD Net
List-Id: Networking and TCP/IP with FreeBSD

On Jan 28, 2014, at 7:07, Ole Myhre wrote:

> Hi,
>
> I have a simple setup with two 10.0-RELEASE firewalls running carp, a
> virtual IPv6 address and running rtadvd:
>
> (applied to both firewalls)
>
> # kldload carp
> # ifconfig em2 inet6 2001:db8::1/64 vhid 1 up
> # sysctl net.inet6.ip6.forwarding=1
> # echo 'rtadvd_enable="YES"' >> /etc/rc.conf
> # echo 'rtadvd_interfaces="em2"' >> /etc/rc.conf
> # service rtadvd start
>
> This works fine, one firewall is MASTER, the other BACKUP and the
> clients behind em2 get a prefix in the 2001:db8::/64 subnet. However
> both firewalls are sending router advertisements (only one being MASTER)
> with the LL-address of the physical em2 interface as the gateway. This
> causes clients that support multiple default gateways to select both
> firewalls as their default gateway, and send traffic to both the
> MASTER and BACKUP firewall.
>
> Is there a way to make only the MASTER send router advertisements or
> (preferably only the MASTER) sending router advertisements with a
> virtual LL-address?
>

What I would do is use devd to start/stop the rtadvd service based on
whether or not you're master.

# notify 30 {
#       match "system"    "IFNET";
#       match "subsystem" "carp0";
#       match "type"      "LINK_UP";
#       action "/path/to/script/or/command";
# };
#
# notify 30 {
#       match "system"    "IFNET";
#       match "subsystem" "carp0";
#       match "type"      "LINK_DOWN";
#       action "/path/to/script/or/command";
# };
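
An added example, not part of the message above: one possible script for the `action` lines of the two notify blocks, called with the event type as its argument. The script path, `SERVICE_CMD`, and the function names are hypothetical, and it assumes that LINK_UP on the carp interface means this node became MASTER and LINK_DOWN means it no longer is.

```shell
#!/bin/sh
# Hypothetical install path: /usr/local/sbin/carp-rtadvd.sh, wired in as
#   action "/usr/local/sbin/carp-rtadvd.sh LINK_UP";    (first notify block)
#   action "/usr/local/sbin/carp-rtadvd.sh LINK_DOWN";  (second notify block)

# Command used to control the daemon. Override for a dry run or a test stub.
: "${SERVICE_CMD:=service}"

# Map a devd event type to the rtadvd action it should trigger.
# Prints "start" or "stop"; returns 1 for anything else.
rtadvd_action_for() {
    case "$1" in
        LINK_UP)   echo start ;;  # assumed: node is now MASTER, advertise
        LINK_DOWN) echo stop ;;   # assumed: node is no longer MASTER, go quiet
        *)         return 1 ;;
    esac
}

# Apply the event. Prints what was done: "start", "stop" or "noop".
# Repeated events are harmless because the current state is checked first.
handle_event() {
    action=$(rtadvd_action_for "$1") || {
        echo "carp-rtadvd: ignoring unknown event '$1'" >&2
        return 64
    }
    if $SERVICE_CMD rtadvd status >/dev/null 2>&1; then
        running=yes
    else
        running=no
    fi
    case "$action:$running" in
        start:yes|stop:no)
            echo noop ;;
        *)
            # On stop, rtadvd receives SIGTERM and sends a final RA with
            # router lifetime 0, so clients drop this node as a default router.
            $SERVICE_CMD rtadvd "$action" >/dev/null && echo "$action" ;;
    esac
}

# Only act when devd (or an operator) passes an event type.
[ $# -eq 0 ] || handle_event "$1"
```

`service rtadvd start` only works here because `rtadvd_enable="YES"` is already set in the quoted setup; the same setting also starts rtadvd at boot on both nodes, before any carp event fires.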