[FUG-BR] CARP + Ifstated

Fábio Ferrão Wed, 27 May 2009 08:57:56 -0700

Senhores,

Estou utilizando CARP + ifstated para 3 interfaces virtuais em cada um dos
dois firewalls envolvidos. Por enquanto apenas um firewall com FreeBSD 7.2
Stable está rodando o CARP, pois o outro está sendo instalado.


O meu problema é:
O ifstated.conf está testando 3 interfaces conforme abaixo:

*#!/usr/local/bin/bash

init-state one

net = '( "ifconfig -a -u |grep carp0 > /dev/null" every 3 && "ifconfig -a -u
|grep carp1 > /dev/null" every 3 && "ifconfig -a -u |grep carp2 > /dev/null"
every 3)'

state one {
        if ( ! $net ) {
                run "/sbin/ifconfig carp0 advskew 200"
                run "/sbin/ifconfig carp1 advskew 200"
                run "/sbin/ifconfig carp2 advskew 200"
                set-state two
        }
}

state two {
        if ( $net ) {
                run "/sbin/ifconfig carp0 advskew 1"
                run "/sbin/ifconfig carp1 advskew 1"
                run "/sbin/ifconfig carp2 advskew 1"
                set-state one
        }
}*

Quando o ifstated é iniciado com o conf acima, a saída é a seguinte:

*[r...@firewall ~]# ifstated -dv -f /usr/local/etc/ifstated.conf
net = "( "ifconfig -a -u |grep carp0 > /dev/null" every 2 && "ifconfig -a -u
|grep carp1 > /dev/null" every 2 && "ifconfig -a -u |grep carp2 > /dev/null"
every 2)"
ifstated: initial state: one
ifstated: changing state to one
ifstated: started
ifstated: running /sbin/ifconfig carp0 advskew 200
ifstated: running /sbin/ifconfig carp1 advskew 200
ifstated: running /sbin/ifconfig carp2 advskew 200
ifstated: changing state to two
ifstated: running /sbin/ifconfig carp0 advskew 1
ifstated: running /sbin/ifconfig carp1 advskew 1
ifstated: running /sbin/ifconfig carp2 advskew 1
ifstated: changing state to one
ifstated: running /sbin/ifconfig carp0 advskew 200
ifstated: running /sbin/ifconfig carp1 advskew 200
ifstated: running /sbin/ifconfig carp2 advskew 200
ifstated: changing state to two*

Com isso as interfaces CARP do meu firewall ficam da seguinte forma:

*carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.0.0.1 netmask 0xff000000
    carp: MASTER vhid 1 advbase 1 advskew 200
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.0.1.1 netmask 0xffff0000
    carp: MASTER vhid 2 advbase 1 advskew 200
carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.0.2.1 netmask 0xff000000
    carp: MASTER vhid 3 advbase 1 advskew 200
*
O correto seria que as interfaces CARP ficassem com advskew 1, pois todas
estão up. A propósito o parâmetro -u do ifconfig mostra as interfaces que
estão UP. De acordo com a saída acima, dá impressão que uma das interfaces
não está up e por isso o script entrou no primeiro if.
Após isso, se eu executar um* ifconfig carp0 down *e
posteriormente*ifconfig carp0 up
*, o advskew de todas as interfaces ficam como valor 1, conforme abaixo:

*carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.0.0.1 netmask 0xff000000
    carp: MASTER vhid 1 advbase 1 advskew 1
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.0.1.1 netmask 0xffff0000
    carp: MASTER vhid 2 advbase 1 advskew 1
carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.0.2.1 netmask 0xff000000
    carp: MASTER vhid 3 advbase 1 advskew 1*

Se eu alterar o conf pra testar somente 2 interfaces, o script fucniona de
primeira, ou seja:

*#!/usr/local/bin/bash

init-state one

net = '( "ifconfig -a -u |grep carp0 > /dev/null" every 3 && "ifconfig -a -u
|grep carp1 > /dev/null" every 3)'

state one {
        if ( ! $net ) {
                run "/sbin/ifconfig carp0 advskew 200"
                run "/sbin/ifconfig carp1 advskew 200"
                set-state two
        }
}

state two {
        if ( $net ) {
                run "/sbin/ifconfig carp0 advskew 1"
                run "/sbin/ifconfig carp1 advskew 1"
                set-state one
        }
}
*

A saída do ifstated é:

*[r...@firewall ~]# ifstated -dv -f /usr/local/etc/ifstated.conf
net = "( "ifconfig -a -u |grep carp0 > /dev/null" every 2 && "ifconfig -a -u
|grep carp1 > /dev/null" every 2)"
ifstated: initial state: one
ifstated: changing state to one
ifstated: started
ifstated: running /sbin/ifconfig carp0 advskew 200
ifstated: running /sbin/ifconfig carp1 advskew 200
ifstated: changing state to two
ifstated: running /sbin/ifconfig carp0 advskew 1
ifstated: running /sbin/ifconfig carp1 advskew 1
ifstated: changing state to one
*
Desta forma o advskew das interfaces ficam 1.


Alguém já configurou o CARP para mais de duas interfaces, teve este problema
e conseguiu resolver?
Este problem só ocorre quando o conf tests 3 interfaces. O script está
errado? Alguém pode me ajudar?

Abraço à todos.



-- 
Fábio Ferrão

"E conhecereis a verdade e a verdade vos libertará".    João 8.32
"And you will know the truth and the truth you will free".    John 8.32
-------------------------
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd

[FUG-BR] CARP + Ifstated

Responder a