[nycbug-talk] carp not responding
michael
lists
Fri Nov 18 13:28:28 EST 2005
I'm having a carp issue on OpenBSD current.
  xx.xx.xx.98              xx.xx.xx.99
       |                        |
       |   xx.xx.xx.100-103     |
       |      |         |       |
    ---|------|---+  +--|-------|---+
      fw1   carp1 |  | carp1   fw2  |
    ---|----------+  +----------|---+
       |                        |
  10.10.10.1               10.10.10.2
       |                        |
       |--- internal network ---|
Each firewall has 2 nics; one external and one internal.
I'm trying to set up a virtual interface on both boxes that contains the
rest of the IPs issued by the ISP. That virtual interface should respond
to calls to the IPs and I will set up pf to handle NAT to the internal
servers. I can ssh into each firewall (using .98 and .99) and then ssh
to the internal network using the local net.
/etc/sysctrl.conf
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=1
hostname.carp1 (on fw1)
inet xx.xx.xx.100 255.255.255.224 vhid 27 pass foo carpdev vr1
inet alias xx.xx.xx.101 255.255.255.255 vhid 27 pass foo carpdev vr1
inet alias xx.xx.xx.102 255.255.255.255 vhid 27 pass foo carpdev vr1
inet alias xx.xx.xx.103 255.255.255.255 vhid 27 pass foo carpdev vr1
hostname.carp1 (on fw2 - same thing with high askews)
inet xx.xx.xx.100 255.255.255.224 /
vhid 27 askew 100 pass foo carpdev vr1
inet alias xx.xx.xx.101 255.255.255.255 /
vhid 27 askew 100 pass foo carpdev vr1
inet alias xx.xx.xx.102 255.255.255.255 /
vhid 27 askew 100 pass foo carpdev vr1
inet alias xx.xx.xx.103 255.255.255.255 /
vhid 27 askew 100 pass foo carpdev vr1
It was suggested that carp broadcasts were interfering with the ISP
routers and to change the vhid to something other than 1, hence the 27.
I cannot get the carp interface to come up. On boot, ifconfig should
show the IPs in the carp group but just shows..
carp1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
groups: carp
Maybe I'm not providing enough, but, can anyone notice where I'm going
wrong?
Michael
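
Added example, not part of the original post: a small sh lint for hostname.carp* lines like the ones above. It assumes the hostname.if(5) layout used by OpenBSD of that period, "inet [alias] address netmask broadcast options" with NONE allowed in the broadcast slot, and the ifconfig(8) CARP keywords vhid, advbase, advskew, pass and carpdev; the function names and the 192.0.2.x sample line are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): lint hostname.carp* lines.
# Assumed layout: inet [alias] ADDR NETMASK BROADCAST|NONE key value ...
CARP_KEYS="vhid advbase advskew pass carpdev"   # assumed ifconfig(8) keywords

is_carp_key() { case " $CARP_KEYS " in *" $1 "*) return 0 ;; esac; return 1; }

# Print one finding per problem in a single config line; nothing if clean.
lint_carp_line() {
    set -f; set -- $1; set +f          # split on whitespace, no globbing
    [ "$1" = "inet" ] || { echo "not an inet line"; return 0; }
    shift
    [ "$1" = "alias" ] && shift
    [ $# -ge 3 ] || { echo "need address, netmask and broadcast/NONE"; return 0; }
    if is_carp_key "$3"; then
        # The positional broadcast field was skipped, so an option sits there.
        echo "broadcast slot holds option '$3' (expected an address or NONE)"
        shift 2
    else
        shift 3
    fi
    while [ $# -gt 0 ]; do             # remaining words are key/value pairs
        is_carp_key "$1" || echo "unknown CARP option '$1'"
        if [ $# -ge 2 ]; then shift 2; else shift; fi
    done
    return 0
}

# Lint a whole file on stdin; succeeds only if every line is clean.
lint_carp_stdin() {
    n=0; bad=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        out=$(lint_carp_line "$line")
        [ -n "$out" ] || continue
        bad=$((bad + 1))
        printf '%s\n' "$out" | sed "s/^/line $n: /"
    done
    [ "$bad" -eq 0 ]
}

# Line 1 is fw2's first line from the post, joined without the "/".
# Line 2 is a constructed line that follows the assumed layout.
lint_carp_stdin <<'EOF' || echo "findings above"
inet xx.xx.xx.100 255.255.255.224 vhid 27 askew 100 pass foo carpdev vr1
inet 192.0.2.100 255.255.255.224 NONE vhid 27 advskew 100 pass foo carpdev vr1
EOF
```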