Hello Andy,
here is one of my working configurations (OpenBSD 5.2)

inet 194.199.X.28 255.255.255.240 NONE
inet6 2001:660:abcd:1234::1:1 64
description "CARP server"
carpdev vlan603 vhid 62 advskew 1 carppeer 194.199.X.29 pass xxxxx

-- 
Best regards, 

Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr


On Thursday 29 August 2013 at 16:54 +0100, Andy wrote:
> PS; I don't have MLD capable switches in all locations if that is a 
> factor here regarding CARP messages being via IPv6 Multicast.
> 
> 
> 
> On Thu 29 Aug 2013 15:57:29 BST, Andy wrote:
> > Hi everyone,
> >
> > I'm hoping someone can help me as I'm not having much luck with adding
> > IPv6 to the mix of our already working IPv4 setup.
> >
> > What should /etc/hostname.carpX look like for an IPv6 setup? Is this
> > correct?
> >
> > inet 10.0.10.1 255.255.255.0 10.0.10.255 vhid 1 pass temppass advbase 3
> > advskew 0
> > inet6 2a00:7e0:0:a::1 64
> >
> > Or should I have a separate carpX interface for the IPv6?
> >
> > When I do a tcpdump on the master I see;
> > Aug 29 14:36:56.416723 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70:
> > CARPv2-advertise 36: vhid=1 advbase=3 advskew=0 demote=33 (DF) [tos 0x10]
> > Aug 29 14:36:56.416736 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90:
> > fe80::a00:27ff:fe71:f4ca > ff02::12: CARPv2-advertise 36: vhid=1
> > advbase=3 advskew=0 demote=33
> > Aug 29 14:36:56.420823 08:00:27:71:f4:ca 33:33:00:00:00:01 86dd 86:
> > fe80::1 > ff02::1: icmp6: neighbor adv: tgt is fe80::200:5eff:fe00:101
> > Aug 29 14:36:56.420835 08:00:27:71:f4:ca 33:33:00:00:00:01 86dd 86:
> > fe80::1 > ff02::1: icmp6: neighbor adv: tgt is 2a00:77e0:0:a::1
> > Aug 29 14:36:57.638468 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70:
> > CARPv2-advertise 36: vhid=1 advbase=3 advskew=100 demote=0 (DF) [tos 0x10]
> > Aug 29 14:36:57.641021 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90:
> > fe80::a00:27ff:fe88:bc8a > ff02::12: CARPv2-advertise 36: vhid=1
> > advbase=3 advskew=100 demote=0
> > Aug 29 14:37:01.049324 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70:
> > CARPv2-advertise 36: vhid=1 advbase=3 advskew=100 demote=0 (DF) [tos 0x10]
> > Aug 29 14:37:01.049685 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90:
> > fe80::a00:27ff:fe88:bc8a > ff02::12: CARPv2-advertise 36: vhid=1
> > advbase=3 advskew=100 demote=0
> > Aug 29 14:37:04.458514 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70:
> > CARPv2-advertise 36: vhid=1 advbase=3 advskew=100 demote=0 (DF) [tos 0x10]
> > Aug 29 14:37:04.462013 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90:
> > fe80::a00:27ff:fe88:bc8a > ff02::12: CARPv2-advertise 36: vhid=1
> > advbase=3 advskew=100 demote=0
> > Aug 29 14:37:06.648983 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70:
> > CARPv2-advertise 36: vhid=1 advbase=3 advskew=0 demote=33 (DF) [tos 0x10]
> > Aug 29 14:37:06.648996 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90:
> > fe80::a00:27ff:fe71:f4ca > ff02::12: CARPv2-advertise 36: vhid=1
> > advbase=3 advskew=0 demote=33
> >
> > I can see that the IPv6 CARP messages are using the link local address
> > and not the global IPv6 addresses I have configured? Why?? :(
> > This makes it really hard to write PF files as I would have to write
> > filter rules considering each physical host's MAC addresses :(
> >
> > I'm also seeing errors stating that the inet6 carp address I have
> > configured is a duplicate address! Although this could be due to the
> > fact the firewalls are flapping between backup and master and there are
> > going to be multi master periods.
> >
> > net.inet.carp.allow=1
> > net.inet.carp.preempt=1
> > net.inet.carp.log=3
> > net.inet6.ip6.forwarding=1
> > net.inet6.ip6.redirect=0
> > net.inet6.ip6.accept_rtadv=0
> >
> > I am also starting to read "Firewalling IPv6 with OpenBSD's pf (packet
> > filter)".
> >
> > Thanks for your time, Andy.
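
An added example, not part of the original messages: a small parser for tcpdump output like the capture quoted above, reporting each time the host advertising a vhid changes faster than 3 × advbase seconds, which is how the flapping and multi-master periods mentioned in the question appear on the wire. The function name, the 3 × advbase threshold and the unwrapped sample lines are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: records from the capture quoted in this thread, with the
# e-mail line wrapping undone. The IPv4 record shows no source address (it only
# carries the shared virtual MAC), so only IPv6 records identify the sender.
SAMPLE = """\
Aug 29 14:36:56.416723 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70: CARPv2-advertise 36: vhid=1 advbase=3 advskew=0 demote=33 (DF) [tos 0x10]
Aug 29 14:36:56.416736 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90: fe80::a00:27ff:fe71:f4ca > ff02::12: CARPv2-advertise 36: vhid=1 advbase=3 advskew=0 demote=33
Aug 29 14:36:57.641021 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90: fe80::a00:27ff:fe88:bc8a > ff02::12: CARPv2-advertise 36: vhid=1 advbase=3 advskew=100 demote=0
Aug 29 14:37:01.049685 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90: fe80::a00:27ff:fe88:bc8a > ff02::12: CARPv2-advertise 36: vhid=1 advbase=3 advskew=100 demote=0
Aug 29 14:37:04.462013 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90: fe80::a00:27ff:fe88:bc8a > ff02::12: CARPv2-advertise 36: vhid=1 advbase=3 advskew=100 demote=0
Aug 29 14:37:06.648996 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90: fe80::a00:27ff:fe71:f4ca > ff02::12: CARPv2-advertise 36: vhid=1 advbase=3 advskew=0 demote=33
"""

# One IPv6 CARP advertisement: timestamp, link-local source, then the CARP fields.
RECORD = re.compile(
    r"^\w{3} +\d+ (?P<time>\d\d:\d\d:\d\d\.\d+) .*? "
    r"(?P<src>[0-9a-f:]+) > ff02::12: CARPv2-advertise \d+: "
    r"vhid=(?P<vhid>\d+) advbase=(?P<advbase>\d+) "
    r"advskew=(?P<advskew>\d+) demote=(?P<demote>\d+)"
)

def advertiser_changes(capture):
    """Return (time, vhid, previous_src, new_src, gap_seconds) for every change
    of advertising host that happens sooner than 3 * advbase seconds."""
    last = {}       # vhid -> (timestamp, source address) of the latest advert
    changes = []
    for line in capture.splitlines():
        m = RECORD.match(line)
        if not m:
            continue                      # IPv4 CARP, neighbor adverts, etc.
        # Time of day only: a capture that crosses midnight is not handled.
        ts = datetime.strptime(m["time"], "%H:%M:%S.%f")
        vhid, src = int(m["vhid"]), m["src"]
        if vhid in last and last[vhid][1] != src:
            gap = (ts - last[vhid][0]).total_seconds()
            if gap < 3 * int(m["advbase"]):
                changes.append((m["time"], vhid, last[vhid][1], src, round(gap, 3)))
        last[vhid] = (ts, src)
    return changes

if __name__ == "__main__":
    for change in advertiser_changes(SAMPLE):
        print(change)
```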
