On 1-3-2012 18:20, Camiel Dobbelaar wrote:
> On 1-3-2012 18:10, Marios Makassikis wrote:
>> Here you go:
>> carp:
>> 45808 packets received (IPv4)
>> 74835 packets received (IPv6)
>> 0 packets discarded for bad interface
>> 0 packets discarded for wrong TTL
>> 0 packets shorter than header
>> 0 discarded for bad checksums
>> 0 discarded packets with a bad version
>> 0 discarded because packet too short
>> 0 discarded for bad authentication
>> 32062 discarded for unknown vhid
>> 0 discarded because of a bad address list
>> 1582 packets sent (IPv4)
^^^^
>> 1582 packets sent (IPv6)
^^^^
I just thought of something that bit me recently as well.
With a real IPv6 address CARP will send out advertisements via IPv4
_and_ IPv6. It's the same CARP message so if either one reaches the
backup it's ok.
Your block rule had "inet" so you were probably blocking IPv4 only. But
because of the send errors (due to pf blocking) fw1 started to demote
itself.
Anyway, you have to block inet6 too if you want to block carp completely.
Does that explain it?
--
Cam
