[nycbug-talk] carp not responding

Josh Rivel josh
Fri Nov 18 16:09:27 EST 2005


michael wrote...
> I'm having a carp issue on OpenBSD current.

[snip]

> hostname.carp1 (on fw1)
> inet xx.xx.xx.100 255.255.255.224 vhid 27 pass foo carpdev vr1
> inet alias xx.xx.xx.101 255.255.255.255 vhid 27 pass foo carpdev vr1
> inet alias xx.xx.xx.102 255.255.255.255 vhid 27 pass foo carpdev vr1
> inet alias xx.xx.xx.103 255.255.255.255 vhid 27 pass foo carpdev vr1
> 
> hostname.carp1 (on fw2 - same thing with high askews)
> inet xx.xx.xx.100 255.255.255.224 /
> 	vhid 27 askew 100 pass foo carpdev vr1 
> inet alias xx.xx.xx.101 255.255.255.255 /
> 	vhid 27 askew 100 pass foo carpdev vr1 
> inet alias xx.xx.xx.102 255.255.255.255 / 
> 	vhid 27 askew 100 pass foo carpdev vr1 
> inet alias xx.xx.xx.103 255.255.255.255 /
> 	vhid 27 askew 100 pass foo carpdev vr1

We have carp here between several OpenBSD-current (although not so
current really) firewalls, but we're not using aliases
for the carpX interface.
We just have carp1, carp2, carp3, etc.

hostname.bge0:
inet XX.YY.ZZ.213 255.255.255.240 NONE media 100baseTX mediaopt full-duplex

hostname.carp1:
inet XX.YY.ZZ.212 255.255.255.240 204.155.204.223 vhid 1 pass whatever
hostname.carp2:
inet XX.YY.ZZ.215 255.255.255.240 204.155.204.223 vhid 2 pass whatever
hostname.carp3:
inet XX.YY.ZZ.216 255.255.255.240 204.155.204.223 vhid 3 pass whatever

> It was suggested that carp broadcasts were interfering with the ISP
> routers and to change the vhid to something other than 1, hence the 27.

We have the following in /etc/sysctl.conf:
net.inet.carp.allow=1           # 1 = accept incoming CARP packets 
net.inet.carp.arpbalance=0      # 1 = enable ARP balancing
net.inet.carp.log=0             # 1 = enable error logging
net.inet.carp.preempt=1         # 1 = enable attempt to become master

This is 3.7-current from April 26th.  Boxes are now in production
so we can't really upgrade them so easily.

Hope this helps some....

-- 
josh
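
A consistency check for the kind of two-firewall setup discussed in this thread, as an added example that is not part of either poster's message: it compares two peers' hostname.carpN lines and reports addresses that exist on only one peer, whose vhid or pass differ, or where the backup's advskew is not higher than the master's. The sample files, the 192.0.2.x addresses and the function names are constructed for illustration; `advskew` is the keyword spelling documented in ifconfig(8).

```python
# Constructed sample files (not from the thread); 192.0.2.0/24 is a documentation range.
FW1 = """\
inet 192.0.2.100 255.255.255.224 NONE vhid 27 pass foo carpdev vr1
inet alias 192.0.2.101 255.255.255.255 NONE vhid 27 pass foo carpdev vr1
inet alias 192.0.2.102 255.255.255.255 NONE vhid 27 pass foo carpdev vr1
"""
FW2 = """\
inet 192.0.2.100 255.255.255.224 NONE vhid 27 advskew 100 pass foo carpdev vr1
inet alias 192.0.2.101 255.255.255.255 NONE vhid 72 advskew 100 pass foo carpdev vr1
"""

OPTS = {"vhid", "pass", "carpdev", "advskew", "advbase"}  # carp keywords in ifconfig(8)

def parse(text):
    """Map each inet address in a hostname.carpN file to its CARP options."""
    addrs = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "inet":
            continue
        rest = tok[2:] if tok[1] == "alias" else tok[1:]
        # Scan for keyword/value pairs; positional fields before them are skipped.
        opts, i = {}, 1
        while i < len(rest) - 1:
            if rest[i] in OPTS:
                opts[rest[i]] = rest[i + 1]
                i += 2
            else:
                i += 1
        addrs[rest[0]] = opts
    return addrs

def compare(master, backup):
    """Return findings for two peers' parsed configs; never echoes the pass value."""
    findings = []
    for addr in sorted(set(master) | set(backup)):
        m, b = master.get(addr), backup.get(addr)
        if m is None or b is None:
            findings.append(f"{addr}: configured on only one peer")
            continue
        for key in ("vhid", "pass"):
            if m.get(key) != b.get(key):
                findings.append(f"{addr}: {key} differs between peers")
        if int(b.get("advskew", 0)) <= int(m.get("advskew", 0)):
            findings.append(f"{addr}: backup advskew is not higher than master")
    return findings

if __name__ == "__main__":
    print("\n".join(compare(parse(FW1), parse(FW2))))
```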
