Site Navigation

Date:      Tue, 21 Apr 2009 23:01:02 +0200
From:      Sebastiaan van Erk <sebster@sebster.com>
To:        Stanislav Sedov <stas@FreeBSD.org>
Cc:        freebsd-cluster@freebsd.org
Subject:   Re: pf and carp, BACKUP host dropping connection
Message-ID:  <49EE340E.4090006@sebster.com>
In-Reply-To: <20090421123735.f7caf3cc.stas@FreeBSD.org>
References:  <49EC68B6.9090303@sebster.com> <20090421123735.f7caf3cc.stas@FreeBSD.org>

---

index | next in thread | previous in thread | raw e-mail

---

[-- Attachment #1 --]


Stanislav Sedov wrote:
 > On Mon, 20 Apr 2009 14:21:10 +0200
 > Sebastiaan van Erk <sebster@sebster.com> mentioned:
>> I think once I have pfsync the problem will go away due to the 
>> synchronized state (the backups won't block anymore), but it still seems 
>> strange to me that all 3 machines will then be actively filtering the 
>> packets...
>>
>> Does anybody know what's going on?
>>
> 
> I'd suggest to look first why all of them're receiving this traffic. It
> looks like something is not right in the network itself.

After reading about CARP some more, I think that's the expected behavior:

--- http://www.openbsd.org/faq/faq6.html#CARP ---
How it works: CARP is a multicast protocol. It groups several physical 
computers together under one or more virtual addresses. Of these, one 
system is the master and responds to all packets destined for the group, 
the other systems act as hot spares.
--- http://www.openbsd.org/faq/faq6.html#CARP ---

Since I don't have pfsync enabled yet the other two machines don't have 
the propper state and will drop the connection. Normally this would only 
pollute the log, but on the internal networks I don't want connections 
to hang for long periods so I do "block return". This causes pf to 
respond to the traffic since it doesn't know anything about the machine 
being a carp backup, and thus the originating host receives a RST and 
drops the connection.

I'm wondering if the combination block return + carp is going to work at 
all, even with pfsync... I will do some more research on that.

Regards,
Sebastiaan




[-- Attachment #2 --]
0�	*�H��

��0�

10	+0�	*�H��


��	Q0�0�l�
S|
��6�$1-~�j�0
	*�H��


0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
080630135157Z
090630135157Z0h10Uvan Erk10U*
Sebastiaan10USebastiaan van Erk1"0 	*�H��

	
sebster@sebster.com0�
"0
	*�H��



�
0�

�

���
�Va�\b��E�nݚ��a<���M8�ʄ���^tv>x��7
����3bo���hi���2oq������S�_�¶�Bm^�p����*I	x"��9pt���!j������a�r�#���)n)��^�?'�z�<).+Ѐ4i����g���R'�UP��*\��Ւ���,?��.�;?f�B�ܯ����TzM I�Dվ�CK�*�3�Y��ŧ
�m��ca�z���t��xʐs�q�/

�00.0U0�sebster@sebster.com0U

�00
	*�H��


��KT�4�W6��ӽ���q]
t�S`�� %f�1��G:H��b�z�Jj$Ej��E��'�J���V~�-�VbVn�JZE/�`@��@0�4!+�T:��c	پ���f`$Z�=1�#|�o�G[�OBRG0�0�l�
S|
��6�$1-~�j�0
	*�H��


0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
080630135157Z
090630135157Z0h10Uvan Erk10U*
Sebastiaan10USebastiaan van Erk1"0 	*�H��

	
sebster@sebster.com0�
"0
	*�H��



�
0�

�

���
�Va�\b��E�nݚ��a<���M8�ʄ���^tv>x��7
����3bo���hi���2oq������S�_�¶�Bm^�p����*I	x"��9pt���!j������a�r�#���)n)��^�?'�z�<).+Ѐ4i����g���R'�UP��*\��Ւ���,?��.�;?f�B�ܯ����TzM I�Dվ�CK�*�3�Y��ŧ
�m��ca�z���t��xʐs�q�/

�00.0U0�sebster@sebster.com0U

�00
	*�H��


��KT�4�W6��ӽ���q]
t�S`�� %f�1��G:H��b�z�Jj$Ej��E��'�J���V~�-�VbVn�JZE/�`@��@0�4!+�T:��c	پ���f`$Z�=1�#|�o�G[�OBRG0�?0���


0
	*�H��


0��10	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*�H��

	
personal-freemail@thawte.com0
030717000000Z
130716235959Z0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0��0
	*�H��



��0����Ħ<UsU�N�ʙZh�up��������[�v�:a�Q�
��P
0�cZ,�p����+�Z�?qV˯<���6$*�+��w=�+��>�@�dק���e��*T�H���<a@dr`��

���0��0U

�0

�
0CU<0:08�6�4�2http://crl.thawte.com/ThawtePersonalFreemailCA.crl0U
0)U"0 �010UPrivateLabel2-1380
	*�H��


��H��P��.�
�f�g�����C���L!��6�-�6/��P �p<���ab��:~�����t�%P�b��'qW%�ݩ�9�� Oe_�������N���4�[5Mw�V!x��!5�$��F�]_eO1�q0�m

0v0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAS|
��6�$1-~�j�0	+��
�0	*�H��

	1	*�H��


0	*�H��

	1
090421210102Z0#	*�H��

	1�M�)��_(�S����eu�0_	*�H��

	1R0P0	`�H
e
0
*�H��
0*�H��
�0
*�H��

@0+0
*�H��

(0��	+

�71x0v0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAS|
��6�$1-~�j�0��*�H��

	1x�v0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CAS|
��6�$1-~�j�0
	*�H��



�
35`����"�7t�hZ��Ev�[��U����+�%�; ZX,�����(��HhyB��w�ыݠ���B�m����ө������ұ�AY�S��m3���7��8��u}������\�mj�i�{���m��D��u��Z�փg�z��氲p��8pV����Z��
C��8R�U�8-
�߰]~�P��p�u��LcW8�r��u&nF�/��Ϲ
�nm4��c��]�P�ܭ6KNf����B�_wZ�2��P���

help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49EE340E.4090006>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact