From owner-freebsd-questions@FreeBSD.ORG  Tue May 12 21:11:52 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F177D1065674
	for <freebsd-questions@freebsd.org>;
	Tue, 12 May 2009 21:11:52 +0000 (UTC)
	(envelope-from ccowart@rescomp.berkeley.edu)
Received: from hal.rescomp.berkeley.edu (hal.Rescomp.Berkeley.EDU
	[169.229.70.150])
	by mx1.freebsd.org (Postfix) with ESMTP id D6EFB8FC18
	for <freebsd-questions@freebsd.org>;
	Tue, 12 May 2009 21:11:52 +0000 (UTC)
	(envelope-from ccowart@rescomp.berkeley.edu)
Received: by hal.rescomp.berkeley.edu (Postfix, from userid 1225)
	id 51B1B3C05EC; Tue, 12 May 2009 14:11:52 -0700 (PDT)
Date: Tue, 12 May 2009 14:11:52 -0700
From: Chris Cowart <ccowart@rescomp.berkeley.edu>
To: Ricardo Augusto de Souza <ricardo.souza@cmtsp.com.br>
Message-ID: <20090512211152.GC49013@hal.rescomp.berkeley.edu>
Mail-Followup-To: Ricardo Augusto de Souza <ricardo.souza@cmtsp.com.br>,
	"freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
References: <E85141A51657B14A981D1FF0E65F72465DB8A1FF7E@EXVS04.corpmail.net>
	<E85141A51657B14A981D1FF0E65F72465DB8A1FFEB@EXVS04.corpmail.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-ripemd160;
	protocol="application/pgp-signature"; boundary="dkEUBIird37B8yKS"
Content-Disposition: inline
In-Reply-To: <E85141A51657B14A981D1FF0E65F72465DB8A1FFEB@EXVS04.corpmail.net>
Organization: RSSP-IT, UC Berkeley
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: RES: Cant setup carp as BACKUP
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2009 21:11:53 -0000


--dkEUBIird37B8yKS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Ricardo Augusto de Souza wrote:
> Anyone know how do i 'force' a carp to be backup?
> I set a advskew higher than the master but it comes up as master.

Is there a host-based or network-based firewall blocking the carp
protocol?=20

In ipfw, you would need:

/sbin/ipfw add allow carp from $SOME_IP to 224.0.0.18 in via $SOME_INT

For me:

| ccowart wifi-aux-1 / $ ifconfig vlan91
| vlan91: flags=3D8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metr=
ic 0 mtu 1500
|         options=3D3<RXCSUM,TXCSUM>
|         ether 00:1d:09:29:a7:f5
|         inet 10.9.64.2 netmask 0xfffff000 broadcast 10.9.79.255
|         media: Ethernet autoselect (1000baseTX <full-duplex>)
|         status: active
|         vlan: 91 parent interface: bce1
| ccowart wifi-aux-1 / $ ifconfig carp11=20
| carp11: flags=3D49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
|         inet 10.9.64.1 netmask 0xffffffff=20
|         carp: BACKUP vhid 11 advbase 1 advskew 100
| ccowart wifi-aux-1 / $ ifconfig carp21
| carp21: flags=3D49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
|         inet 10.9.64.1 netmask 0xffffffff=20
|         carp: MASTER vhid 21 advbase 1 advskew 0
| ccowart wifi-aux-1 / $ sudo tcpdump -i vlan91 proto carp
| tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
| listening on vlan91, link-type EN10MB (Ethernet), capture size 96 bytes
| 14:06:36.009984 IP 10.9.64.3 > VRRP.MCAST.NET: VRRPv2, Advertisement, vri=
d=20
|   11, prio 0, authtype none, intvl 1s, length 36
| 14:06:36.143937 IP 10.9.64.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vri=
d=20
|   21, prio 0, authtype none, intvl 1s, length 36
| 14:06:37.012025 IP 10.9.64.3 > VRRP.MCAST.NET: VRRPv2, Advertisement, vri=
d=20
|   11, prio 0, authtype none, intvl 1s, length 36
| 14:06:37.146003 IP 10.9.64.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vri=
d=20
|   21, prio 0, authtype none, intvl 1s, length 36

Use tcpdump on your parent interfaces to see if you're seeing the
multicast traffic. Make sure your firewalls allow this traffic.

--=20
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley

--dkEUBIird37B8yKS
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (FreeBSD)

iQIcBAEBAwAGBQJKCeYYAAoJEIGh6j3cHUNPMaYQAMLbqvqZ648q/zGgSJx928CR
uEUCSjAoLxo4bSJ7t7Lkq43D/MElpQI0dFAsGDwLdM6H7wUUC4tyO8EAHykodN4N
kgzixSvVlEFp0QNahzSkuyIMel+zX8Z+wvYpxxYXTP8o7xE38lXTZDpCpJjVzRy/
uWAPN/wvUnBvkX00hJ9NKPDLV7JwbyGh9+E6LTo07/Bk+vnk7wbm3zaDMpl38aOf
+0NWDTEdAJHketyqSwuAOJp5nyh2lktQCNVj6o/yjH4lvVemnY5+/E/v/e8ruo/9
hEWqRDBk/h6sQToAKjOC0hoCS5GXEPKeuH84KNl/VIHJ1D6N1weDwo2iju2H541d
hcXAWqBWtJtH9jKg8wr+PM92SIouAyV+FksOvSnHW9eVZt+H9lWzVNscYc0Qvztg
SP7+xpeFVkztNRpXw/5BJWBE3jusGUjsLePo6CmH3T8KaL4qkUpRUf4TpqJNzN/6
LPd62kYANV3Wzr7G9dhRoYH1DYvbXi0TamgYtXYN1iSLtr3oiSrwthEDo4ko5zGW
+ZFy9GiUwScLkYRrl2fQTA3Bsd0Gzp0r5/D040kQIAzUaAbeYeVRJnYiN2AFkutK
P7K15RnZe9Vi8rIoxXOE83CPGIwisrmh4hzUcR2DjUUzSHwlfNpv/K3RZbYoQKkD
u9wcbpGhq9wkxwc3/5DZ
=nL+6
-----END PGP SIGNATURE-----

--dkEUBIird37B8yKS--