Message-ID: <4F4377C9.5090804@my.gd>
Date: Tue, 21 Feb 2012 11:54:01 +0100
From: Damien Fleuriot
To: peter knezel
Cc: "freebsd-questions@freebsd.org"
Subject: Re: From analysis of a simple ifstated.conf to more compex example

Yes, I do mean you can have several IPs on a single CARP interface, see
the example below:

carp17: flags=49 metric 0 mtu 1500
        inet 46.182.41.72 netmask 0xffffffff
        inet 46.182.41.76 netmask 0xffffffff
        inet 46.182.41.77 netmask 0xffffffff
        inet 46.182.41.78 netmask 0xffffffff
        inet 46.182.41.79 netmask 0xffffffff
        inet 46.182.41.80 netmask 0xffffffff
        inet 46.182.41.81 netmask 0xffffffff
        inet 46.182.41.82 netmask 0xffffffff
        inet 46.182.41.83 netmask 0xffffffff
        carp: MASTER vhid 117 advbase 1 advskew 100

See the rc.conf bit where I set the IPs:

# WAN CARP
ipv4_addrs_carp17="46.182.41.72/32 46.182.41.76/32 46.182.41.77/32 46.182.41.78/32 46.182.41.79/32 46.182.41.80/32 46.182.41.81/32 46.182.41.82/32 46.182.41.83/32"
ifconfig_carp17="vhid 117 pass [removed] advskew 100"

Regarding dedicating a given IP to a given service, you are supposed to
do that in the service's configuration, when telling it which IP address
to bind to.

You can also use pf or ipfw to filter the services allowed on a given IP.

On 2/21/12 11:48 AM, peter knezel wrote:
> Do you mean that only carp0 is defined on both servers and it has
> three different IPs?
> How is it possible to define them so they are set for ftp, tftp and
> scp separately for the defined IPs?
>
> Kind regards,
>
> Peter
>
> On 21/02/2012, Damien Fleuriot wrote:
>> To be honest, I'm not sure it's a good idea to use different *interfaces*.
>>
>> Why don't you set multiple IPs on a single carp interface instead ?
>>
>> On 21 Feb 2012, at 08:29, peter knezel wrote:
>>
>>> Hello Damien,
>>>
>>> preemption is set on both systems, so when master server goes down or
>>> any CARP interface on master
>>> goes down, slave becomes master (but only on the CARP interface if
>>> only that went down).
>>>
>>> Can you have a look at my previous question??:
>>> if the different carp interfaces
>>> are used for different purpose (ftp, tftp, scp), is it a good idea to
>>> put down all of them, if they are able to serve their purpose?
>>>
>>>
>>> Thanks and kind regards,
>>>
>>> Peter
>>>
>>> On 16/02/2012, Damien Fleuriot wrote:
>>>> Preemption is used to ensure that, if a CARP interface goes down on host
>>>> A, host B will then assume mastership for all interfaces.
>>>>
>>>> It prevents the nasty situation where you'd have, for example:
>>>>
>>>> Public IP: master on host A
>>>> Private IP: master on host B
>>>>
>>>> servers behind firewalls hosts A and B:
>>>> - traffic arrives on host A which creates a PF state
>>>> - servers reply via their default gateway, the CARP IP now master on
>>>>   host B
>>>>
>>>> Host B doesn't have a state for the traffic, drops it.
>>>>
>>>>
>>>> To enable preemption you need to run sysctl net.inet.carp.preempt=1 and
>>>> add the corresponding line to your sysctls file in etc.
>>>>
>>>>
>>>> On 2/15/12 7:04 PM, peter knezel wrote:
>>>>> Well,
>>>>>
>>>>> I am not fully familiar with CARP, but if the different carp interfaces
>>>>> are used for different purpose (ftp, tftp, scp), is it a good idea to
>>>>> put down all of them, if they are able to serve their purpose?
>>>>>
>>>>> BTW, what is CARP preemption and how is it possible to enable it?
>>>>>
>>>>> Kind regards,
>>>>>
>>>>> Peter
>>>>>
>>>>> On 15 February 2012 18:25, Damien Fleuriot wrote:
>>>>>
>>>>> Sorry about the late reply, didn't see yours.
>>>>>
>>>>> What about enabling CARP preemption to ensure that when a carp
>>>>> interface goes down, the whole set does ?
>>>>>
>>>>>
>>>>> On 2/7/12 9:13 PM, peter knezel wrote:
>>>>>> Hello Damien,
>>>>>>
>>>>>> I did read your example but cannot get idea from it.
>>>>>> For three interfaces you have much more possibilities.
>>>>>>
>>>>>> Imagine you start the server from uuu state which is equal to
>>>>>> net = '( "ifconfig -a -u |grep carp0 > /dev/null" every 3 &&
>>>>>>         "ifconfig -a -u |grep carp1 > /dev/null" every 3 &&
>>>>>>         "ifconfig -a -u |grep carp2 > /dev/null" every 3)'
>>>>>>
>>>>>> Now you put down one carp interface - so system is in state :
>>>>>> *state one:*
>>>>>> (duu) || (udu) || (uud) <----which is same as !$net
>>>>>> run script1.sh
>>>>>> go to twoff
>>>>>>
>>>>>> now imagine, you put down any other carp interface:
>>>>>> *state twoff:*
>>>>>> (dud) || (ddu) || (udd)
>>>>>> run script2.sh
>>>>>> go to two
>>>>>>
>>>>>> *state two:*
>>>>>> put all interfaces up
>>>>>> run script3.sh
>>>>>> go to state one
>>>>>>
>>>>>> it means, this is one of the possibilities system can behave (this
>>>>>> situation does not describe all possible states - I have taken this
>>>>>> special example.)
>>>>>>
>>>>>> Now if you want to put up after putting down one carp interface, you
>>>>>> fail since it is in state twoff.
>>>>>> Only if you put down second carp interface it goes to state two and if
>>>>>> you put both up, it will go to state one.
>>>>>>
>>>>>> This is where my ifstated.conf fails to work.
>>>>>>
>>>>>> Kind regards,
>>>>>>
>>>>>> Peter Knezel
>>>>>>
>>>>>>
>>>>>> On 7 February 2012 17:02, Damien Fleuriot wrote:
>>>>>>
>>>>>> On 2/7/12 3:36 PM, peter knezel wrote:
>>>>>>> Hello all,
>>>>>>>
>>>>>>> I would like to ask somebody to explain me how the ifstated works
>>>>>>> according to the following configuration file.
>>>>>>> I have three virtual carp interfaces carp0,carp1 and carp2.
>>>>>>>
>>>>>>> I try to understand the following setting:
>>>>>>> The server is in state one (all carp interfaces are up) and if there
>>>>>>> is carp down of any:
>>>>>>> one (carp0 or carp1 or carp2),
>>>>>>> two ([carp0 and carp1] or [carp0 and carp2] or [carp1 and carp2]),
>>>>>>> three interfaces (carp 0 and carp1 and carp2), server
>>>>>>> runs the script testdown.sh and put the server into state two.
>>>>>>> If all carp interfaces are up, the server runs the testup.sh and set
>>>>>>> the state to one.
>>>>>>>
>>>>>>
>>>>>> That is my understanding.
>>>>>>
>>>>>>
>>>>>>> Is it the way the system works?
>>>>>>> Or am I wrong?
>>>>>>>
>>>>>>> ===
>>>>>>> init-state one
>>>>>>>
>>>>>>> net = '( "ifconfig -a -u |grep carp0 > /dev/null" every 3 &&
>>>>>>>         "ifconfig -a -u |grep carp1 > /dev/null" every 3 &&
>>>>>>>         "ifconfig -a -u |grep carp2 > /dev/null" every 3)'
>>>>>>>
>>>>>>> state one {
>>>>>>>     if ( ! $net ) {
>>>>>>>         run "/usr/local/testdown.sh"
>>>>>>>         set-state two
>>>>>>>     }
>>>>>>> }
>>>>>>>
>>>>>>> state two {
>>>>>>>     if ( $net ) {
>>>>>>>         run "/usr/local/testup.sh"
>>>>>>>         set-state one
>>>>>>>     }
>>>>>>> }
>>>>>>> ===
>>>>>>>
>>>>>>> Is there any possibility to define and set ifstated.conf that
>>>>>>> reacts when:
>>>>>>>
>>>>>>> any one of the carp interfaces is down - followed by another any
>>>>>>> other carp interface down
>>>>>>>
>>>>>>>
>>>>>>> I tried to define states:
>>>>>>>
>>>>>>> duu ="!carp0.link.up && carp1.link.up && carp2.link.up"
>>>>>>> udu ="carp0.link.up && !carp1.link.up && carp2.link.up"
>>>>>>> uud ="carp0.link.up && carp1.link.up && !carp2.link.up"
>>>>>>> ddu ="!carp0.link.up && !carp1.link.up"
>>>>>>> dud ="!carp0.link.up && !carp2.link.up"
>>>>>>> udd ="!carp1.link.up && !carp2.link.up"
>>>>>>>
>>>>>>> and used them but somehow I cannot incorporate all state changes and
>>>>>>> include it in ifstated.conf.
>>>>>>>
>>>>>>
>>>>>> Works fine here, did you not have any luck with the file I posted
>>>>>> earlier ?
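
Added example, not part of the original thread or of anyone's posted configuration: a check for the split-master condition that preemption is described as preventing above (some carp interfaces MASTER and others BACKUP on the same host). It assumes the ifconfig layout quoted in the message; the function names carp_states and carp_verdict, interface carp18 and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports whether all carp interfaces on a
# host share one CARP state, using the ifconfig layout quoted in the message.

# Print "ifname STATE" for each carp interface found in ifconfig output on stdin.
carp_states() {
    awk '
        /^[^ \t]/ { ifname = $1; sub(/:$/, "", ifname) }   # interface header line
        $1 == "carp:" && ifname ~ /^carp[0-9]+$/ { print ifname, $2 }
    '
}

# Print "none", "consistent STATE", or "split if=STATE ..." for stdin.
carp_verdict() {
    carp_states | awk '
        { n++; seen[$2] = 1; list = list " " $1 "=" $2 }
        END {
            if (n == 0) { print "none"; exit }
            for (s in seen) { kinds++; state = s }
            if (kinds == 1) print "consistent", state
            else print "split" list
        }
    '
}

# Constructed sample: carp17 lines as in the message, carp18 invented.
SAMPLE_OK='carp17: flags=49 metric 0 mtu 1500
        inet 46.182.41.72 netmask 0xffffffff
        carp: MASTER vhid 117 advbase 1 advskew 100
carp18: flags=49 metric 0 mtu 1500
        inet 192.0.2.10 netmask 0xffffffff
        carp: MASTER vhid 118 advbase 1 advskew 100'

# Constructed sample: one address is MASTER here while the other is BACKUP.
SAMPLE_SPLIT='carp0: flags=49 metric 0 mtu 1500
        inet 198.51.100.1 netmask 0xffffffff
        carp: MASTER vhid 1 advbase 1 advskew 100
carp1: flags=49 metric 0 mtu 1500
        inet 192.0.2.1 netmask 0xffffffff
        carp: BACKUP vhid 2 advbase 1 advskew 100'

printf '%s\n' "$SAMPLE_OK"    | carp_verdict
printf '%s\n' "$SAMPLE_SPLIT" | carp_verdict
# On a live host: ifconfig | carp_verdict
```

A "split" verdict on a firewall pair is the case where pf state exists on one host while replies route through the other.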