Mike Sweetser - Adhost wrote: > We currently have a primary/failover setup for two FreeBSD 6.3 servers > running PF, and we're running into odd issues when setting up multiple > subnets on a single VLAN and CARP interface. We have issues with them > coming up properly, and even worse, having both servers believe they are > master.
If both instances think they're MASTER, make sure you're allowing the multicast traffic for syncing state (in ipfw): | allow carp from $partner to 224.0.0.18 in via $iface Carp is protocol 112 from /etc/protocols. > Here's a snippet of one of the VLANs and CARP interfaces in question: > > ifconfig_vlan10="inet 10.142.255.252 netmask 255.255.0.0 vlan 10 vlandev > em2" > ifconfig_vlan10_alias0="inet 10.210.0.2 netmask 255.255.0.0" > ifconfig_carp10="inet 10.142.255.254 netmask 255.255.0.0 vhid 10 advskew > 0 pass testpass" > ifconfig_carp10_alias0="inet 10.210.0.1 netmask 255.255.0.0" > > The main difference between this and our other VLAN/CARP interfaces is > that because it's separate subnets, the aliases here are set up with /16 > netmasks, while the regular aliases on the others are set up with /32s. > Is this correct, or should these also be set as /32s? It's correct. If you did a /32 on the alias, your system would have no way of knowing how large the second subnet is. The /32 netmask is for adding an alias on the same subnet. I'm not sure carp can work correctly with aliases. Have you tried creating a separate vhid instance per subnet? For example: | ifconfig_vlan10="inet 10.142.255.252 netmask 255.255.0.0 vlan 10 vlandev em2" | ifconfig_vlan10_alias0="inet 10.210.0.2 netmask 255.255.0.0" | ifconfig_carp10="inet 10.142.255.254 netmask 255.255.0.0 vhid 10 advskew | 0 pass testpass" | ifconfig_carp11="inet 10.210.0.1 netmask 255.255.0.0 vhid 11 advskew | 0 pass testpass" -- Chris Cowart Network Technical Lead Network & Infrastructure Services, RSSP-IT UC Berkeley
pgpqOoyOt5N1x.pgp
Description: PGP signature
