Re: Carp doubt

Wed, 31 Oct 2012 09:05:13 -0700 

I tried this: ifconfig -g carp carpdemote 50 , and all carps are moved to
another node
:) that is

sorry


2012/10/31 R0me0 *** <knight....@gmail.com>

> Hello misc,
> I' ve a simple setup to test carp
>
> my setup is follow:
>
> -> Frw A
>
> # cat /etc/hostname.carp0
> inet 192.168.28.128 255.255.255.0 192.168.28.255 vhid 1 carpdev vic0 pass
> secret
>
> # cat /etc/hostname.vic0
> up
>
> # cat /etc/hostname.carp1
> inet 192.168.12.130 255.255.255.0 192.168.12.255 vhid 2 carpdev vic1 pass
> othersecret
>
> # cat /etc/hostname.vic1
> up
>
> # cat /etc/hostname.pfsync0
>
>
> up syncdev vlan13
>
> # cat /etc/hostname.vlan13
>
>
> inet 10.20.30.1 255.255.255.252 10.20.30.255 vlan 13 vlandev vic1
>
> -> Frw B
>
> # cat /etc/hostname.carp0
>
>
> inet 192.168.28.128 255.255.255.0 192.168.28.255 vhid 1 carpdev vic0 pass
> secret advskew 100
>
> # cat /etc/hostname.vic0
> up
>
> # cat /etc/hostname.carp1
> inet 192.168.12.130 255.255.255.0 192.168.12.255 vhid 2 carpdev vic1 pass
> othersecret advskew 100
>
> # cat /etc/hostname.vic1
> up
>
> # cat /etc/hostname.pfsync0
>
>
> up syncdev vlan13
>
> # cat /etc/hostname.vlan13
>
>
> inet 10.20.30.2 255.255.255.252 10.20.30.255 vlan 13 vlandev vic1
>
> net.inet.carp.preempt=1 on both nodes
>
>
> pf.conf ( equal on both frw's )
>
> # cat /etc/pf.conf
>
>
> ext_if = "vic0"
>
>
> int_if = "vic1"
>
>
> pfsync_if = "vlan13"
>
>
>
>
>
> set skip on lo
>
>
>
>
>
> match out on $ext_if from 192.168.12.0/24 nat-to (carp0)
>
>
>
>
>
> # Carp and Pfsync
>
>
> pass log quick  on $pfsync_if proto pfsync keep state (no-sync)
>
>
> pass in log quick on {vic0 vic1} proto carp keep state (no-sync)
>
>
>
>
>
> block log all
>
> pass in log (to pflog1) quick on { vic0 vic1 } inet proto tcp to port 22
> keep state (no-sync)
> pass in quick on $int_if from 192.168.12.0/24
> pass out
>
>
> Tests:
>
> ifconfig carp0 down or ifconfig advskew100
> on MASTER node
>
> Only carp0 is transfered to another node
>
> But if executed ifconfig vic0 down
>
> All carp nodes ( carp0 and carp1 ) are transferred to another node as
> expected
>
> I tried this setup on real machines and the results are the same.
>
> My doubt,
> To do maintenance on master node, i will need execute : ifconfig advskew
> 128  on both carp interfaces ?
> Which the better pratice to move all carp groups to another node ?
>
> I will appreciate the sugestions of misc
>
> Regards,

Reply via email to