hi thanks to everyone who responded,
the problem was due to connectivity on the em0 interface between both firewalls being blocked by pf.conf

Hi

On Fri, 18 May 2012 at 02:38 CEST
shadrock<shadr...@ntlworld.com>  wrote:

>  still looking for an answer to the following question
>  >  hi all
>  >  have configured two firewalls with carp
>  >  i have connectivity to the internet and the firewalls failover properly.
>  >  when i check the carp states of each firewall the slave reports that its
>  >  wan connection is in the master state the same as the master firewall
>  >  while the slave carp lan connection is in the backup state.
>  >  is this normal or should both carps be in backup for the slave ?
>  >  shadrock
>  >
>  >
>  >  master firewall
>  >  /etc/hostname.carp1
>  >  inet 10.5.5.1 255.255.255.0 10.5.5.255 vhid 1 carpdev em1 pass pass1
>  >
>  >  /etc/hostname.carp2
>  >  inet 192.168.5.1 255.255.255.0 192.168.5.255 vhid 2 carpdev em0 pass pass2
>  >
>  >  /etc/hostname.em0
>  >  inet 192.168.5.2 255.255.255.0
>  >
>  >  /etc/hostname.em1
>  >  inet 10.5.5.2 255.255.255.0 NONE
>  >
>  >  /etc/hostname.bge0
>  >  inet 172.16.0.2 255.255.255.0 NONE
>  >
>  >  /etc/hostname.pfsync0
>  >  up syncdev bge0
>  >
>  >
>  >  ifconfig -a
>  >
>  >  lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>   mtu 33196
>  >            priority: 0
>  >            groups: lo
>  >            inet6 ::1 prefixlen 128
>  >            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
>  >            inet 127.0.0.1 netmask 0xff000000
>  >  bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>   mtu 1500
>  >            lladdr 00:18:8b:60:7b:06
>  >            priority: 0
>  >            media: Ethernet autoselect (1000baseT
>  >  full-duplex,master,rxpause,txpause)
>  >            status: active
>  >            inet 172.16.0.2 netmask 0xffffff00 broadcast 172.16.0.255
>  >            inet6 fe80::218:8bff:fe60:7b06%bge0 prefixlen 64 scopeid 0x1
>  >  em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
>  >  mtu 1500
>  >            lladdr 00:04:23:df:6b:a4
>  >            priority: 0
>  >            groups: egress
>  >            media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>  >            status: active
>  >            inet 192.168.5.2 netmask 0xffffff00 broadcast 192.168.5.255
>  >            inet6 fe80::204:23ff:fedf:6ba4%em0 prefixlen 64 scopeid 0x2
>  >  em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
>  >  mtu 1500
>  >            lladdr 00:04:23:df:6b:a5
>  >            priority: 0
>  >            media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>  >            status: active
>  >            inet 10.5.5.2 netmask 0xffffff00 broadcast 10.5.5.255
>  >            inet6 fe80::204:23ff:fedf:6ba5%em1 prefixlen 64 scopeid 0x3
>  >  enc0: flags=41<UP,RUNNING>
>  >            priority: 0
>  >            groups: enc
>  >            status: active
>  >  pfsync0: flags=41<UP,RUNNING>   mtu 1500
>  >            priority: 0
>  >            pfsync: syncdev: bge0 maxupd: 128 defer: off
>  >            groups: carp pfsync
>  >  pflog0: flags=141<UP,RUNNING,PROMISC>   mtu 33196
>  >            priority: 0
>  >            groups: pflog
>  >  carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>   mtu 1500
>  >            lladdr 00:00:5e:00:01:01
>  >            priority: 0
>  >            carp: MASTER carpdev em1 vhid 1 advbase 1 advskew 0
>  >            groups: carp
>  >            status: master
>  >            inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x6
>  >            inet 10.5.5.1 netmask 0xffffff00 broadcast 10.5.5.255
>  >  carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>   mtu 1500
>  >            lladdr 00:00:5e:00:01:02
>  >            priority: 0
>  >            carp: MASTER carpdev em0 vhid 2 advbase 1 advskew 0
>  >            groups: carp
>  >            status: master
>  >            inet6 fe80::200:5eff:fe00:102%carp2 prefixlen 64 scopeid 0x7
>  >            inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
>  >
>  >
>  >  slave firewall
>  >
>  >  /etc/hostname.carp1
>  >  inet 10.5.5.1 255.255.255.0 10.5.5.255 vhid 1 carpdev em1 advskew 100
>  >  pass pass1
>  >
>  >  /etc/hostname.carp2
>  >  inet 192.168.5.1 255.255.255.0 192.168.5.255 vhid 2 carpdev em0 advskew
>  >  100 pass pass2
>  >
>  >  /etc/hostname.em0
>  >  inet 192.168.5.3 255.255.255.0
>  >
>  >  /etc/hostname.em1
>  >  inet 10.5.5.3 255.255.255.0 NONE
>  >
>  >  /etc/hostname.bge0
>  >  inet 172.16.0.3 255.255.255.0 NONE
>  >
>  >  /etc/hostname.pfsync0
>  >  up syncdev bge0
>  >
>  >
>  >  ifconfig -a
>  >
>  >  lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST>   mtu 33196
>  >            priority: 0
>  >            groups: lo
>  >            inet6 ::1 prefixlen 128
>  >            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
>  >            inet 127.0.0.1 netmask 0xff000000
>  >  bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>   mtu 1500
>  >            lladdr 00:18:8b:6c:4e:85
>  >            priority: 0
>  >            media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>  >            status: active
>  >            inet 172.16.0.3 netmask 0xffffff00 broadcast 172.16.0.255
>  >            inet6 fe80::218:8bff:fe6c:4e85%bge0 prefixlen 64 scopeid 0x1
>  >  em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
>  >  mtu 1500
>  >            lladdr 00:04:23:e3:c7:92
>  >            priority: 0
>  >            groups: egress
>  >            media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>  >            status: active
>  >            inet 192.168.5.3 netmask 0xffffff00 broadcast 192.168.5.255
>  >            inet6 fe80::204:23ff:fee3:c792%em0 prefixlen 64 scopeid 0x2
>  >  em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
>  >  mtu 1500
>  >            lladdr 00:04:23:e3:c7:93
>  >            priority: 0
>  >            media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>  >            status: active
>  >            inet 10.5.5.3 netmask 0xffffff00 broadcast 10.5.5.255
>  >            inet6 fe80::204:23ff:fee3:c793%em1 prefixlen 64 scopeid 0x3
>  >  enc0: flags=41<UP,RUNNING>
>  >            priority: 0
>  >            groups: enc
>  >            status: active
>  >  pfsync0: flags=41<UP,RUNNING>   mtu 1500
>  >            priority: 0
>  >            pfsync: syncdev: bge0 maxupd: 128 defer: off
>  >            groups: carp pfsync
>  >  pflog0: flags=141<UP,RUNNING,PROMISC>   mtu 33196
>  >            priority: 0
>  >            groups: pflog
>  >  carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>   mtu 1500
>  >            lladdr 00:00:5e:00:01:01
>  >            priority: 0
>  >            carp: BACKUP carpdev em1 vhid 1 advbase 1 advskew 100
>  >            groups: carp
>  >            status: backup
>  >            inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x6
>  >            inet 10.5.5.1 netmask 0xffffff00 broadcast 10.5.5.255
>  >  carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>   mtu 1500
>  >            lladdr 00:00:5e:00:01:02
>  >            priority: 0
>  >            carp: MASTER carpdev em0 vhid 2 advbase 1 advskew 100
>  >            groups: carp
>  >            status: master
>  >            inet6 fe80::200:5eff:fe00:102%carp2 prefixlen 64 scopeid 0x7
>  >            inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255

It isn't normal. Check connectivity on em0 interface between both
firewalls. When I hit something very similar, the reason turned out to
be misconfigured vlans on switch ports.
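
The symptom discussed in this thread (a vhid reported as MASTER on both nodes) can be checked mechanically by comparing the `carp:` lines of `ifconfig` output from each firewall. The script below is an added example, not part of the original messages; the function names `carp_masters` and `split_brain` are hypothetical, and the sample input is trimmed from the `ifconfig -a` output quoted above.

```shell
#!/bin/sh
# Added example: report CARP vhids that both firewalls claim as MASTER.
# Sample data: the carp: lines from the ifconfig -a output in this thread.

master_fw='carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em1 vhid 1 advbase 1 advskew 0
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em0 vhid 2 advbase 1 advskew 0'

slave_fw='carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev em1 vhid 1 advbase 1 advskew 100
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em0 vhid 2 advbase 1 advskew 100'

# carp_masters: read ifconfig text on stdin and print one line
# "vhid N carpdev IF" for every carp interface in the MASTER state.
carp_masters() {
    awk '$1 == "carp:" && $2 == "MASTER" {
        dev = ""; vhid = ""
        for (i = 3; i < NF; i++) {
            if ($i == "carpdev") dev = $(i + 1)
            if ($i == "vhid")    vhid = $(i + 1)
        }
        print "vhid " vhid " carpdev " dev
    }'
}

# split_brain: $1 and $2 are ifconfig dumps from the two nodes.
# A vhid/carpdev pair that is MASTER on both appears twice in the
# merged list, so "uniq -d" prints exactly the conflicting pairs.
split_brain() {
    {
        printf '%s\n' "$1" | carp_masters
        printf '%s\n' "$2" | carp_masters
    } | sort | uniq -d
}

split_brain "$master_fw" "$slave_fw"
```

A vhid listed by this check means the two nodes are not receiving each other's CARP advertisements on that carpdev, so the path between them on that interface is the place to look, including switch port configuration and any pf rules that cover `proto carp`.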
