Your dmesg doesn't show the version you're running. Can you provide that, along with ifconfig output from both machines? You may want to check the physical connectivity (cable/ NIC/ switch) for the internal interface of the carp master... Or just fail over to the secondary box to see if the issue goes away.
Also, provide the netstat -i output. On 11/28/11 1:37 PM, rik wrote: > Hi James, > both carp on the master firewall are in master status (one on the external > side, one on the internal side), but as much as I know they've always been > like this; on the backup firewall they both are in backup status (and the > backup, using the phisical interface, can ping without any packet loss). > Thanks > Alessandro > > > On Mon, Nov 28, 2011 at 8:08 PM, James Shupe <jsh...@osre.org> wrote: > >> Run >> >> ifconfig carp | grep status >> >> on both machines... If they're pre 4.8, do: >> >> ifconfig carp | grep 'carp: ' >> >> ..... >> >> If both think they're masters, they'll do what you're seeing. >> >> Thank you, >> James Shupe >> >> On 11/28/11 12:53 PM, Stuart Henderson wrote: >>> dmesg? >>> >>> On 2011-11-28, rik <rikc...@gmail.com> wrote: >>>> Good day, >>>> I'm using 2 openbsd boxes as router firewall with carp in a colo-like >> setup. >>>> In the last few days we saw the packet loss percentuale increase up to >>>> 8-10% and it doesn't look like a problem for outside. If I ping from >> the >>>> master firewall one of the server inside I can see something like this: >>>> >>>> 64 bytes from xx.xx.xx.12: icmp_seq=4 ttl=64 time=-3.-656 ms >>>> 64 bytes from xx.xx.xx.12: icmp_seq=5 ttl=64 time=0.794 ms >>>> 64 bytes from xx.xx.xx.12: icmp_seq=6 ttl=64 time=0.-491 ms >>>> ping: sendto: No route to host >>>> ping: wrote xx.xx.xx.12 64 chars, ret=-1 >>>> ping: sendto: No route to host >>>> ping: wrote xx.xx.xx.12 64 chars, ret=-1 >>>> 64 bytes from xx.xx.xx.12: icmp_seq=9 ttl=64 time=0.526 ms >>>> 64 bytes from xx.xx.xx.12: icmp_seq=10 ttl=64 time=1.415 ms >>>> >>>> No errors in syslog. >>>> Any idea? >>>> Thanks >>>> Alessandro >>> >> >> >> -- >> James Shupe, OSRE >> developer/ engineer >> BSD/ Linux support & hosting >> jsh...@osre.org | www.osre.org >> O 9032530140 | F 9032530150 | M 9035223425 > -- James Shupe, OSRE developer/ engineer BSD/ Linux support & hosting jsh...@osre.org | www.osre.org O 9032530140 | F 9032530150 | M 9035223425
