Date:      Wed, 1 Mar 2017 11:33:33 +0100
From:      Markus Gebert <markus.gebert@hostpoint.ch>
To:        Aristedes Maniatis <ari@ish.com.au>
Cc:        freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: CARP forcing failover
Message-ID:  <D8AC6777-3F61-4334-BCEA-623B5AAEBEDB@hostpoint.ch>
In-Reply-To: <cceefde6-5bef-0900-3f0a-e84b161c8ef4@ish.com.au>
References:  <cceefde6-5bef-0900-3f0a-e84b161c8ef4@ish.com.au>


> On 1 Mar 2017, at 01:58, Aristedes Maniatis <ari@ish.com.au> wrote:
>
> I have a pair of network gateway boxes running FreeBSD 11 and pf. Upstream runs VRRP to provide redundant links, one to each gateway. Internally I'm using CARP for failover.
>
> All works well, but I find that manually failing over the link is a bit complicated. In short I have this:
>
> em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	media: Ethernet autoselect (100baseTX <full-duplex>)
> 	status: active
> 	carp: BACKUP vhid 1 advbase 1 advskew 50
> igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	media: Ethernet autoselect (1000baseT <full-duplex>)
> 	status: active
> 	carp: BACKUP vhid 2 advbase 1 advskew 50
> igb0.2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	status: active
> 	vlan: 2 vlanpcp: 0 parent interface: igb0
> 	carp: BACKUP vhid 3 advbase 1 advskew 50
> 	groups: vlan
>
> That's two internal vlans and one external network. Each interface has its own vhid since that's the advice I had in the past.
>
> Now, what command can I type that I could run remotely (SSH over the em0 link) to force all the CARP addresses simultaneously to decrease the advskew and become MASTER. Alternatively I could run something on the MASTER to make it BACKUP. Everything I've done so far is one command per interface which has got me in trouble before as I manage to accidentally remove my own access to the box before I'm done.

You may look into this sysctl:

# sysctl -d net.inet.carp.demotion
net.inet.carp.demotion: Adjust demotion factor (skew of advskew)

Its value gets changed automatically if some event occurs (look into net.inet.carp.ifdown_demotion_factor, net.inet.carp.senderr_demotion_factor, net.pfsync.carp_demotion_factor), but you may also control it manually. A positive value will increase the advskew of _all_ CARP announcements (on the wire, not visible with ifconfig IIRC) and therefore reduce the priority of the node. A negative value will of course do the opposite. Like this you can raise/lower the advskew above/below the other node and trigger a failover. net.inet.carp.preempt must be 1 on both nodes for this to have an immediate effect.

Beware that net.inet.carp.demotion expects _relative_ values when altered through the sysctl interface. So 'sysctl net.inet.carp.demotion=100' will increase its current value by 100 and 'sysctl net.inet.carp.demotion=-100' will decrease its current value by 100.


Markus
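
The relative semantics described in the reply above make it easy to lose track of the current demotion factor, so this added sketch (not part of the original message or of FreeBSD itself) wraps the sysctl in a helper that reaches an absolute target by computing the delta. The function names, the overridable `SYSCTL` variable and the value 240 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: drive net.inet.carp.demotion to an absolute target value.
# The sysctl takes relative values, so the delta is computed from the current one.
# SYSCTL is overridable (assumption, for dry runs against a stub).
: "${SYSCTL:=sysctl}"

carp_demotion_get() {
    "$SYSCTL" -n net.inet.carp.demotion
}

# Succeeds only if preemption is enabled on this node; the other node
# has to be checked separately.
carp_preempt_on() {
    [ "$("$SYSCTL" -n net.inet.carp.preempt)" -eq 1 ]
}

# carp_demotion_set TARGET: make the demotion factor equal TARGET.
carp_demotion_set() {
    target=$1
    case $target in
        ''|-|*[!0-9-]*|?*-*)
            echo "carp_demotion_set: not an integer: $target" >&2
            return 2 ;;
    esac
    current=$(carp_demotion_get) || return 1
    delta=$((target - current))
    if [ "$delta" -ne 0 ]; then
        "$SYSCTL" net.inet.carp.demotion="$delta" >/dev/null || return 1
    fi
    # Re-read: an automatic demotion event may have changed the value in between.
    [ "$(carp_demotion_get)" -eq "$target" ]
}

# Usage on the node that should give up MASTER (240 is a constructed value):
#   carp_preempt_on || echo "preempt is off, failover will not be immediate" >&2
#   carp_demotion_set 240   # all vhids demoted in one step
#   carp_demotion_set 0     # back to normal priority afterwards
```

Forcing the value back to 0 also discards any demotion the kernel added automatically in the meantime, so read the current value with `carp_demotion_get` before resetting it.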



