On 5/24/2012 11:37 AM, Johan Ryberg wrote:
Fishy...
All documentation is pointing at the direction to default advskew on
the "primary" host and 100 on the secondary.
http://www.openbsd.org/faq/pf/carp.html
fw1: default
fw2: advskew 128
http://www.openbsd.org/cgi-bin/man.cgi?query=carp&sektion=4#end
host A: default
host B: advskew 100
Book of PF 2
Host A: default
host B: advskew 100
But... when I changed my Host 1 to advskew 1 and Host 2 advskew 2 it
started to work as I thought it should be with the above examples.
Has something changed?
Regards Johan
2012/5/24 Tyler Morgan<tyl...@tradetech.net>:
Try adding a lower advskew to host1's carp1.
The last time I read http://www.openbsd.org/faq/pf/carp.html it had me do
that.
This is a working 5.0 config (RELEASE, generic kernel)
root@border1-bellevue:/root# cat /etc/hostname.carp1
inet 192.168.1.223 255.255.255.0 192.168.1.255 vhid 1 carpdev re0 pass
XXXXXXXX advskew 1
root@border1-bellevue:/root# ssh border2-bellevue
root@border2-bellevue:/root# cat /etc/hostname.carp1
inet 192.168.1.223 255.255.255.0 192.168.1.255 vhid 1 carpdev re0 pass
XXXXXXXX advskew 2
Weird, I didn't expect it to help, since the docs are pretty much always
right.
Looking through the changelog of files that seem relevant to me
(ip_carp.h, man 4 carp, /www/faq/pf/carp.html), I don't see any notes
that mention anything about advskew in this context, and I looked at
diffs over the last few months too. Of course, I could be missing
something obvious.
It's completely possible that no official documentation ever told me to
give the master interface an advskew. I tend to follow the OpenBSD
documentation religiously though, so that seems odd to me. The firewall
I got my example from was originally setup as 4.9-RELEASE and is now
5.0-RELEASE.
Anyway, something does seem a little fishy to me too, but I'm glad it
seems to have helped your problem!
