I had some experience with this and found another thread where the best thing to do for your routing is to have only one /(32-n) mask and then all /32 for any given subnet and rdomain combination on a system. I have set up my system accordingly and my advice is to set your carp primary IP to the proper network mask (especially if it is using the carp IP to provide a gateway to the connected network) and then any other IP/interfaces to /32 per subnet. Example:

em5 - no IP
carp5 - 10.0.0.0/30 mask on carpdev em5
em4 - 9.0.0.0/32 for mgmt
carp4 - 9.0.0.0/28 acting as gateway for 9.0.0.0 net on carpdev em4
carp4 - aliases on 9.0.0.0 with /32 masks on carpdev em4

Before this I had the same mask on em4 and carp4 primary IP. It worked, but I noticed the ARP had tell: set to the em4 MAC/IP and that the route for that network was "homed" to em4 in the table. After the change ARP has tell: set to the carp MAC/IP and the network is on the carp4 if, which seemed more consistent to me. Can't tell you for sure if that is better for you, but it is worth a shot.

I can also advise that ifconfig on runtime can have different effects than editing hostname.if and using netstart. One example I can think of is all the self-routing stuff that happens with netstart. I also find it good to get a reboot in at some point just to double-check that the hostname.if files and netstart do what you want on a system that hasn't had any previous networking setup.

Good luck, happy hacking.

2011/11/21 Kapetanakis Giannis <bil...@edu.physics.uoc.gr>:
> Hi,
>
> I'm a bit confused on setting appropriate netmask on carp interface when the
> carpdev has an IP address.
>
> Till yesterday (following http://openbsd.org/faq/pf/carp.html#failover) my
> carp interfaces had the same netmask as the carpdev interfaces:
> em1:
>         (no inet address)
>
> vlanXX:
>         vlan: 102 priority: 0 parent interface: em1
>         inet xxx.xxx.xxx.18 netmask 0xfffffff8 broadcast xxx.xxx.xxx.23
>
> carp0:
>         carp: MASTER carpdev vlanXX
>         inet xxx.xxx.xxx.20 netmask 0xfffffff8 broadcast xxx.xxx.xxx.23
>
> I've read this from Henning
> http://marc.info/?l=openbsd-misc&m=123464537104366&w=2
> so I tried to switch to /32 netmask on the carp interfaces
> # ifconfig carp0 xxx.xxx.xxx.20/32
>
> But now I get
>
> Nov 21 11:45:09 fw /bsd: carp0: state transition: BACKUP -> MASTER
> Nov 21 11:45:09 fw /bsd: arp_rtrequest: bad gateway value
> Nov 21 11:45:10 fw /bsd: carp1: state transition: BACKUP -> MASTER
> Nov 21 11:45:10 fw /bsd: arp_rtrequest: bad gateway value
>
> every time the state changes on each firewall. Apart from this I don't see
> any other problem.
>
> Is this normal behavior? Should I change back to the /29 netmask?
>
> regards,
>
> Giannis