[nycbug-talk] Multiple CARP addresses on Free

Isaac Levy ike
Sat Mar 4 13:08:36 EST 2006


Hi David,

On Mar 4, 2006, at 2:01 AM, David Lawson wrote:

> Hey,
> I'm trying to set up a pair of FreeBSD boxes as a NATing gateway/
> firewall with CARP and pf, and I'm running into a few problems with
> the rc.conf incantation to get things working correctly, I'm hoping
> someone here might be able to point me in the right direction.  I'm
> trying to set up two CARP addresses, one for the external interfaces
> and one for the internal ones.  The external one (carp0) works fine
> on boot, but the internal one (carp1) does not.  The interface is
> created, but it's not assigned to a vhid nor does it acquire the IP
> address I've assigned it in rc.conf.

Hrm.  Something smells like a bug (but in my neighborhood, if you
haven't seen the cockroaches yet, don't put out the traps- they
attract the cockroaches...) so I'll bite my tongue.

> The FreeBSD way seems to
> diverge significantly from the OpenBSD way on this matter and the
> documentation (what I've found at least) isn't as comprehensive as
> I'd like, so I'm hoping someone can shed some light on the matter.

For the long-term, can you point to these resources?  I'd like to  
read them and try to resolve these differences- (again, thinking long- 
term).

> I'm excerpting the relevant portions of my rc.conf below with the IP
> addresses elided.
>
> cloned_interfaces="carp0 carp1"
> ifconfig_carp0="vhid 1 pass foo 1.2.3.4/24"
> ifconfig carp1="vhid 2 pass bar 192.168.23.221/24"
>
> On boot, carp0 comes up fine, but carp1 comes up like this:
> carp1: flags=0<> mtu 1500
>
> Interestingly enough, if I run /etc/rc.d/netif restart, it does throw
> an error:
> ifconfig: interface carp1=vhid 2 pas does not exist

For the short-term, could you try putting that ifconfig command into  
rc.local and report back to see what happens? (Of course, commenting  
out the carp1 line in your rc.conf).

Here's my logic on trying that- I have a feeling, based on some other  
experiences with rc scripts barfing for 'more esoteric' features,  
<cough>jail</cough> that the rc script may be doing something  
improperly with ifconfig specific to the carp interfaces.  (I.E. it  
may be something where the carp parts were tacked into the netif rc  
stuff as an afterthought- this stuff is only 2 years old in the  
FreeBSD world...).

If the rc.local hack works, then it seems to me it would be worth  
finding the bug in the rc.d/netif shell script, and submitting a PR.   
(I'd get in on that btw).

>
> I've no idea what to make of that, personally.  I can bring the
> interface up manually with:
> ifconfig carp1 vhid 2 pass bar 192.168.23.221/24
>
> Any suggestions?  I appreciate any comments anyone might have.

I hope this suggestion is sane for you- I hate suggesting band-aids,  
but if it works towards a proper fix long-term it's worth trying?

Rocket-
.ike
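
An added example, not part of the original message or of FreeBSD's rc scripts: a small sh check for rc.conf lines that are not of the form name=value, such as the carp1 line in the quoted excerpt, which has a space where the carp0 line has an underscore. The function names `rcconf_lint` and `rcconf_sample` are hypothetical, and the check assumes each assignment fits on one line.

```shell
#!/bin/sh
# Added example (not from the original post).
# rc.conf is read by sh, so a line that does not start with NAME= is not
# stored as a variable. This check lists such lines before a reboot does.

# rcconf_lint [FILE...]
# Reads the named files (or stdin) and prints "LINE_NO: text" for every
# line that is neither blank, a comment, nor a NAME=value assignment.
# Returns 1 if any such line was found, 0 otherwise.
# Limitation (assumption): values continued across lines are reported too.
rcconf_lint() {
    awk '
        /^[ \t]*(#|$)/                      { next }  # comment or blank line
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/    { next }  # well-formed assignment
        { printf "%d: %s\n", NR, $0; bad = 1 }        # anything else
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample input: the three rc.conf lines quoted in the message.
rcconf_sample() {
    cat <<'EOF'
cloned_interfaces="carp0 carp1"
ifconfig_carp0="vhid 1 pass foo 1.2.3.4/24"
ifconfig carp1="vhid 2 pass bar 192.168.23.221/24"
EOF
}

# Demo: report the malformed line in the sample.
rcconf_sample | rcconf_lint || true
```

On a real system the call would be `rcconf_lint /etc/rc.conf`, run before `/etc/rc.d/netif restart`.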




