[nycbug-talk] carp not responding

michael lists
Fri Nov 18 13:28:28 EST 2005


I'm having a carp issue on OpenBSD current.

xx.xx.xx.98         xx.xx.xx.99 
   |                        |
   |  xx.xx.xx.100-103      |
   |      |         |       |
---|------|---+  +--|-------|---+
  fw1   carp1 |  | carp1   fw2  |
---|----------+  +----------|---+
   |                        |
10.10.10.1              10.10.10.2
   |                        |
   |--- internal network ---|

Each firewall has 2 nics; one external and one internal.

I'm trying to set up a virtual interface on both boxes that contains the
rest of the IPs issued by the ISP.  That virtual interface should respond
to calls to the IPs and I will set up pf to handle NAT to the internal
servers.  I can ssh into each firewall (using .98 and .99) and then ssh
to the internal network using the local net.

/etc/sysctrl.conf
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=1

hostname.carp1 (on fw1)
inet xx.xx.xx.100 255.255.255.224 vhid 27 pass foo carpdev vr1
inet alias xx.xx.xx.101 255.255.255.255 vhid 27 pass foo carpdev vr1
inet alias xx.xx.xx.102 255.255.255.255 vhid 27 pass foo carpdev vr1
inet alias xx.xx.xx.103 255.255.255.255 vhid 27 pass foo carpdev vr1

hostname.carp1 (on fw2 - same thing with high askews)
inet xx.xx.xx.100 255.255.255.224 /
	vhid 27 askew 100 pass foo carpdev vr1 
inet alias xx.xx.xx.101 255.255.255.255 /
	vhid 27 askew 100 pass foo carpdev vr1 
inet alias xx.xx.xx.102 255.255.255.255 / 
	vhid 27 askew 100 pass foo carpdev vr1 
inet alias xx.xx.xx.103 255.255.255.255 /
	vhid 27 askew 100 pass foo carpdev vr1

It was suggested that carp broadcasts were interfering with the ISP
routers and to change the vhid to something other than 1, hence the 27.

I cannot get the carp interface to come up.  On boot, ifconfig should
show the IPs in the carp group but just shows:

carp1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        groups: carp

Maybe I'm not providing enough, but, can anyone notice where I'm going
wrong? 

Michael



