Date: Tue, 8 Sep 2020 15:38:14 +0200 From: Michael Gmelin <freebsd@grem.de> To: Julien Cigar <julien@perdition.city> Cc: freebsd-net@freebsd.org Subject: Re: CARP over VLAN over LAGG Message-ID: <D1909DA3-8F27-48B8-905E-ABB419DCB69A@grem.de> In-Reply-To: <20200908132314.2txabgcuz4wmsq7n@x1> References: <20200908132314.2txabgcuz4wmsq7n@x1>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 8. Sep 2020, at 15:23, Julien Cigar <julien@perdition.city> wrote: >=20 > =EF=BB=BFOn Tue, Sep 01, 2020 at 10:13:23AM +0200, Julien Cigar wrote: >>> On Mon, Aug 31, 2020 at 01:55:52PM +0200, Michael Gmelin wrote: >>>=20 >>>=20 >>>> On 31. Aug 2020, at 10:37, Julien Cigar <julien@perdition.city> wrote: >>>>=20 >>>> =EF=BB=BFOn Fri, Aug 28, 2020 at 04:52:01PM +0200, Julien Cigar wrote: >>>>> Hello, >>>>>=20 >>>>> I have a "highly available" router/firewall with the following >>>>> configuration (1). Those are plugged in two 2930F (with VSF) using LAC= P. >>>>> It works well, except that I have some weird issues with the CARP=20 >>>>> demotion counter when I'm unplugging some interfaces involved in the=20= >>>>> lagg/carp setup, for example if I unplug/replug igb0 and igb1 in this=20= >>>>> case: >>>>>=20 >>>>> (dmesg): >>>>> igb0: link state changed to DOWN >>>>> igb1: link state changed to DOWN >>>>> carp: demoted by 240 to 240 (send error 50 on vlan11) >>>>> carp: 11@vlan11: MASTER -> BACKUP (more frequent advertisement receive= d) >>>>> vlan11: deletion failed: 3 >>>>> igb1: link state changed to UP >>>>> igb0: link state changed to UP >>>>>=20 >>>>> then the CARP status stays to BACKUP unless I demote the CARP demotion= >>>>> counter manually with: sudo sysctl net.inet.carp.demotion=3D-240: >>>>>=20 >>>>> (dmesg): >>>>> carp: demoted by -240 to 0 (sysctl) >>>>> carp: 11@vlan11: BACKUP -> MASTER (preempting a slower master) >>>>>=20 >>>>> I guess this is because it takes some time for lagg/lacp to converge a= nd >>>>> thus carp thinks that there is a problematic condition as it experienc= es >>>>> problems with sending announcements.. >>>>>=20 >>>>> What it the best way to handle this? >>>>=20 >>>> I'm wondering if setting net.inet.carp.senderr_demotion_factor to "0" >>>> could be a solution? Are there any downsides of setting this to "0" >>>> instead of "240"? >>>>=20 >>>=20 >>> Sharing your pf.conf from both hosts could be helpful analyzing the issu= e. >>=20 >> Here is my pf.conf (it's the same on both host): >> https://gist.github.com/silenius/b758851f03c28ef8caaa53cfe381c455 >>=20 >> However, I don't think pf is the issue here, the problem is that there >> is a slight delay when LAGG/LACP converge and thus CARP increase the >> demotion counter by net.inet.carp.senderr_demotion_factor (240). >=20 > I can confirm that after setting net.inet.carp.senderr_demotion_factor=3D0= > (instead of 240) it works as expected. >=20 Cool, thanks for posting the solution. I don=E2=80=99t think I ever used CAR= P with lagg (usually I had redundant firewalls with CARP and servers using l= agg connected to both of them). Cheers, Michael >>=20 >>>=20 >>> -m >>>=20 >>>=20 >>=20 >> --=20 >> Julien Cigar >> Belgian Biodiversity Platform (http://www.biodiversity.be) >> PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 >> No trees were killed in the creation of this message. >> However, many electrons were terribly inconvenienced. >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >=20 > --=20 > Julien Cigar > Belgian Biodiversity Platform (http://www.biodiversity.be) > PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 > No trees were killed in the creation of this message. > However, many electrons were terribly inconvenienced.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D1909DA3-8F27-48B8-905E-ABB419DCB69A>