[nycbug-talk] carp not responding
Josh Rivel
josh
Fri Nov 18 16:09:27 EST 2005
michael wrote...
> I'm having a carp issue on OpenBSD current.
[snip]
> hostname.carp1 (on fw1)
> inet xx.xx.xx.100 255.255.255.224 vhid 27 pass foo carpdev vr1
> inet alias xx.xx.xx.101 255.255.255.255 vhid 27 pass foo carpdev vr1
> inet alias xx.xx.xx.102 255.255.255.255 vhid 27 pass foo carpdev vr1
> inet alias xx.xx.xx.103 255.255.255.255 vhid 27 pass foo carpdev vr1
>
> hostname.carp1 (on fw2 - same thing with high askews)
> inet xx.xx.xx.100 255.255.255.224 /
> vhid 27 askew 100 pass foo carpdev vr1
> inet alias xx.xx.xx.101 255.255.255.255 /
> vhid 27 askew 100 pass foo carpdev vr1
> inet alias xx.xx.xx.102 255.255.255.255 /
> vhid 27 askew 100 pass foo carpdev vr1
> inet alias xx.xx.xx.103 255.255.255.255 /
> vhid 27 askew 100 pass foo carpdev vr1
We have carp here between several openBSD-current (altho not so
current really) firewalls, but we're not using aliasese
for the carpX interface.
We just have carp1, carp2, carp3, etc.
hostname.bge0:
inet XX.YY.ZZ.213 255.255.255.240 NONE media 100baseTX mediaopt full-duplex
hostname.carp1:
inet XX.YY.ZZ.212 255.255.255.240 204.155.204.223 vhid 1 pass whatever
hostname.carp2:
inet XX.YY.ZZ.215 255.255.255.240 204.155.204.223 vhid 2 pass whatever
hostname.carp3:
inet XX.YY.ZZ.216 255.255.255.240 204.155.204.223 vhid 3 pass whatever
> It was suggested that carp broadcasts were interfering with the ISP
> routers and to change the vhid to something other than 1, hence the 27.
We have the following in /etc/sysctl.conf:
net.inet.carp.allow=1 # 1 = accept incoming CARP packets
net.inet.carp.arpbalance=0 # 1 = enable ARP balancing
net.inet.carp.log=0 # 1 = enable error logging
net.inet.carp.preempt=1 # 1 = enable attempt to become master
This is 3.7-current from April 26th. Boxes are now in production
so we can't really upgrade them so easily.
Hope this helps some....
--
josh
More information about the talk
mailing list