On 25-1-2012 18:23, Matt Hamilton wrote:
> I'm also getting strange weirdnesses with carp on 5.0. I too upgraded
> from quite an old 4.x version (4.6 IIRC).
>
> The main thing I'm seeing is my master and backup switching back and
> forth quite a few times. This is a pair of firewalls with carp
> running on both the inside and outside firewall interfaces.
>
> According to tcpdump I can see advertisements from the master being
> broadcast, but I never see any broadcast from the backup (I can't
> work out if that is correct behaviour or not).
>
> My PF rules allow the CARP packets through:
>
> pass in quick on $ext_if proto carp from $fw_ext_ips to 224.0.0.18 queue carp_out
> pass in quick on $int_if proto carp from $fw_int_ips to 224.0.0.18 queue carp_in
> pass out quick on $ext_if proto carp from $fw_ext_ips to 224.0.0.18 queue carp_out
> pass out quick on $int_if proto carp from $fw_ext_ips to 224.0.0.18 queue carp_in
>
> And according to pfctl -sr -vv I can see that those rules are indeed
> matching packets.
>
> The very odd thing is that on FW1:
>
> carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 10
>
> and on FW2:
>
> carp: MASTER carpdev em1 vhid 2 advbase 1 advskew 200
>
> I don't understand why the master is the one with the highest
> advskew. This is the same on the inside carp interface too.
Can you show the output of:

- ifconfig carp
- ifconfig -g carp
- netstat -s -p carp
- sysctl net.inet.carp

Do you use pfsync? If yes, can you try adding "keep state (no-sync)" to the carp rules?

--
Cam