From owner-freebsd-stable@freebsd.org Wed Mar 1 14:07:03 2017 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DA31ECEE7D6 for ; Wed, 1 Mar 2017 14:07:03 +0000 (UTC) (envelope-from lutz@donnerhacke.de) Received: from annwfn.iks-jena.de (annwfn-eth.iks-jena.de [IPv6:2001:4bd8:0:104:20a:e4ff:fe80:3138]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7D5A9AA3 for ; Wed, 1 Mar 2017 14:07:03 +0000 (UTC) (envelope-from lutz@donnerhacke.de) X-SMTP-Sender: IPv6:2001:4bd8:59:1:172:27:107:102 Received: from lyoness (lyoness.intern.iks-service.de [IPv6:2001:4bd8:59:1:172:27:107:102]) by annwfn.iks-jena.de (8.14.9/8.14.1) with ESMTP id v21E6kbx028481; Wed, 1 Mar 2017 15:06:50 +0100 From: "Lutz Donnerhacke" To: Cc: Subject: Re: CARP forcing failover Date: Wed, 1 Mar 2017 15:06:46 +0100 Message-ID: <000001d29295$1260ec90$3722c5b0$@donnerhacke.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 15.0 Thread-Index: AdKSlQ8et6UbuWEtQV28Tzu40YmLJg== Content-Language: de X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 14:07:03 -0000 > igb0.2: flags=3D8943 = metric 0 mtu 1500 > status: active > vlan: 2 vlanpcp: 0 parent interface: igb0 > carp: BACKUP vhid 3 advbase 1 advskew 50 > groups: vlan >=20 > That's two internal vlans and one external network. Each interface has = its > own vhid since that's the advice I had in the past. >=20 > Now, what command can I type that I could run remotely (SSH over the = em0 > link) to force all the CARP addresses simultaneously to decrease the = advskew > and become MASTER. Alternatively I could run something on the MASTER = to make > it BACKUP. Everything I've done so far is one command per interface = which has > got me in trouble before as I manage to accidentally remove my own = access to > the box before I'm done. You have to provide the correct subset of the parameters to change the = behaviour without changing the other properties. # ifconfig igb0.2 vhid 3 advbase 1 advskew 250 pass 'xxxx' This will change the parameters for the vhid 3 on the interface igb0.2 = only. But the change will cover *all* vhid parameters, so if you left some = off, they will vanish. Of course, you are free to use multiple IPs per interface using the = "alias" option. It does work even for carp instances. VHIDs needs to be unique per layer2 segment, because they are used as = selectors for the kernel code to validate the CARP packet. Please note, that VRRP/HSRP/GLBP may use the same packet format as CARP, = so their VHIDs should be different from yours.