Date: Wed, 1 Mar 2017 15:55:58 +1100 From: Aristedes Maniatis <ari@ish.com.au> To: Freddie Cash <fjwcash@gmail.com> Cc: FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: CARP forcing failover Message-ID: <2b6ecb94-b53f-5ae8-a842-d897e515380a@ish.com.au> In-Reply-To: <CAOjFWZ5YTiKOz8vMfTQYGq1Q2MtcWXq0mg6oKZRrEF2H5KXKxw@mail.gmail.com> References: <cceefde6-5bef-0900-3f0a-e84b161c8ef4@ish.com.au> <CAOjFWZ5O9xvS3sZCEO-5M%2Bu1yWaijnRhD4CwKRW7UeNJMtvk=A@mail.gmail.com> <513164a2-1a73-dd03-2feb-43fa53dd1b88@ish.com.au> <CAOjFWZ5YTiKOz8vMfTQYGq1Q2MtcWXq0mg6oKZRrEF2H5KXKxw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --mnQNRbMOpGkAVsBtt2HpNC2qpUABvUftP Content-Type: multipart/mixed; boundary="ktHoKe7r23f2DIFHn3I9JgNsPnG3lk8fO"; protected-headers="v1" From: Aristedes Maniatis <ari@ish.com.au> To: Freddie Cash <fjwcash@gmail.com> Cc: FreeBSD Stable <freebsd-stable@freebsd.org> Message-ID: <2b6ecb94-b53f-5ae8-a842-d897e515380a@ish.com.au> Subject: Re: CARP forcing failover References: <cceefde6-5bef-0900-3f0a-e84b161c8ef4@ish.com.au> <CAOjFWZ5O9xvS3sZCEO-5M+u1yWaijnRhD4CwKRW7UeNJMtvk=A@mail.gmail.com> <513164a2-1a73-dd03-2feb-43fa53dd1b88@ish.com.au> <CAOjFWZ5YTiKOz8vMfTQYGq1Q2MtcWXq0mg6oKZRrEF2H5KXKxw@mail.gmail.com> In-Reply-To: <CAOjFWZ5YTiKOz8vMfTQYGq1Q2MtcWXq0mg6oKZRrEF2H5KXKxw@mail.gmail.com> --ktHoKe7r23f2DIFHn3I9JgNsPnG3lk8fO Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable My experience is that it doesn't cause them all the failover, even though= an interface going down does cause them all to failover with the pre-emp= tion feature enabled. Ari On 1/3/17 2:31pm, Freddie Cash wrote: > Doesn't "ifconfig vhid XX state master" do what you want? It forces tha= t vhid over to master, which should preempt the other interfaces to switc= h as well. >=20 > One command. >=20 > On Feb 28, 2017 5:10 PM, "Aristedes Maniatis" <ari@ish.com.au <mailto:a= ri@ish.com.au>> wrote: >=20 > Yes, the automatic failover is great and works perfectly to bring a= ll interfaces over at once. But to manually force a failover I need to ch= ange the advskew one interface at a time with ifconfig. >=20 > Ari >=20 >=20 > On 1/3/17 12:04pm, Freddie Cash wrote: > > Do you have the preemption sysctl enabled? That will fail-over al= l carp interfaces when any one fails. > > > > "sysctl -a | grep carp" > > > > I'm pretty sure there's also an ifconfig command to force the sta= te as either master or backup. Check the man page. > > > > > > On Feb 28, 2017 5:01 PM, "Aristedes Maniatis" <ari@ish.com.au <ma= ilto:ari@ish.com.au> <mailto:ari@ish.com.au <mailto:ari@ish.com.au>>> wro= te: > > > > I have a pair network gateway boxes running FreeBSD 11 and pf= =2E Upstream runs VRRP to provide redundant links, one to each gateway. I= nternally I'm using CARP for failover. > > > > All works well, but I find that manually failing over the lin= k is a bit complicated. In short I have this: > > > > em0: flags=3D8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTIC= AST> metric 0 mtu 1500 > > media: Ethernet autoselect (100baseTX <full-duplex>) > > status: active > > carp: BACKUP vhid 1 advbase 1 advskew 50 > > igb0: flags=3D8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTI= CAST> metric 0 mtu 1500 > > media: Ethernet autoselect (1000baseT <full-duplex>) > > status: active > > carp: BACKUP vhid 2 advbase 1 advskew 50 > > igb0.2: flags=3D8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MUL= TICAST> metric 0 mtu 1500 > > status: active > > vlan: 2 vlanpcp: 0 parent interface: igb0 > > carp: BACKUP vhid 3 advbase 1 advskew 50 > > groups: vlan > > > > That's two internal vlans and one external network. Each inte= rface has its own vhid since that's the advice I had in the past. > > > > Now, what command can I type that I could run remotely (SSH o= ver the em0 link) to force all the CARP addresses simultaneously to decre= ase the advskew and become MASTER. Alternatively I could run something on= the MASTER to make it BACKUP. Everything I've done so far is one command= per interface which has got me in trouble before as I manage to accident= ally remove my own access to the box before I'm done. > > > > Cheers > > Ari > > > > please cc me. > > > > -- > > --------------------------> > > Aristedes Maniatis > > CEO, ish > > https://www.ish.com.au > > GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49= 102A > > >=20 > -- > --------------------------> > Aristedes Maniatis > CEO, ish > https://www.ish.com.au > GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A >=20 --=20 --------------------------> Aristedes Maniatis CEO, ish https://www.ish.com.au GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A --ktHoKe7r23f2DIFHn3I9JgNsPnG3lk8fO-- --mnQNRbMOpGkAVsBtt2HpNC2qpUABvUftP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAli2VF4ACgkQ72p9Lj5JECq1xQCeKywT8lsslD1vozTVdt6/lSO4 B7sAn15uG5+XPoSm3waLCvNBjfp50Rw0 =1u+s -----END PGP SIGNATURE----- --mnQNRbMOpGkAVsBtt2HpNC2qpUABvUftP--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2b6ecb94-b53f-5ae8-a842-d897e515380a>