Penned by Andy on 20130829 9:57.29, we have: | Hi everyone, | | I'm hoping someone can help me as I'm not having much luck with adding | IPv6 to the mix of our already working IPv4 setup. | | What should /etc/hostname.carpX look like for an IPv6 setup? Is this | correct;? | | inet 10.0.10.1 255.255.255.0 10.0.10.255 vhid 1 pass temppass advbase 3 | advskew 0 | inet6 2a00:7e0:0:a::1 64
Any 'inet6' except the first link local reference in a given hostname.if(4) file should be followed by 'alias'. Aka you need: inet6 alias 2a00:7e0:0:a::1 The 64 is implicitly default, if you choose to explicitly list it thats ok too. | Or should I have a separate carpX interface for the IPv6? | | When I do a tcpdump on the master I see; | Aug 29 14:36:56.416723 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70: | CARPv2-advertise 36: vhid=1 advbase=3 advskew=0 demote=33 (DF) [tos 0x10] | Aug 29 14:36:56.416736 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90: | fe80::a00:27ff:fe71:f4ca > ff02::12: CARPv2-advertise 36: vhid=1 | advbase=3 advskew=0 demote=33 | Aug 29 14:36:56.420823 08:00:27:71:f4:ca 33:33:00:00:00:01 86dd 86: | fe80::1 > ff02::1: icmp6: neighbor adv: tgt is fe80::200:5eff:fe00:101 | Aug 29 14:36:56.420835 08:00:27:71:f4:ca 33:33:00:00:00:01 86dd 86: | fe80::1 > ff02::1: icmp6: neighbor adv: tgt is 2a00:77e0:0:a::1 | Aug 29 14:36:57.638468 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70: | CARPv2-advertise 36: vhid=1 advbase=3 advskew=100 demote=0 (DF) [tos 0x10] | Aug 29 14:36:57.641021 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90: | fe80::a00:27ff:fe88:bc8a > ff02::12: CARPv2-advertise 36: vhid=1 | advbase=3 advskew=100 demote=0 | Aug 29 14:37:01.049324 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70: | CARPv2-advertise 36: vhid=1 advbase=3 advskew=100 demote=0 (DF) [tos 0x10] | Aug 29 14:37:01.049685 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90: | fe80::a00:27ff:fe88:bc8a > ff02::12: CARPv2-advertise 36: vhid=1 | advbase=3 advskew=100 demote=0 | Aug 29 14:37:04.458514 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70: | CARPv2-advertise 36: vhid=1 advbase=3 advskew=100 demote=0 (DF) [tos 0x10] | Aug 29 14:37:04.462013 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90: | fe80::a00:27ff:fe88:bc8a > ff02::12: CARPv2-advertise 36: vhid=1 | advbase=3 advskew=100 demote=0 | Aug 29 14:37:06.648983 00:00:5e:00:01:01 01:00:5e:00:00:12 0800 70: | CARPv2-advertise 36: vhid=1 advbase=3 advskew=0 demote=33 (DF) [tos 0x10] | Aug 29 14:37:06.648996 00:00:5e:00:01:01 33:33:00:00:00:12 86dd 90: | fe80::a00:27ff:fe71:f4ca > ff02::12: CARPv2-advertise 36: vhid=1 | advbase=3 advskew=0 demote=33 | | I can see that the IPv6 CARP messages are using the link local address | and not the global IPv6 addresses I have configured? Why?? :( | This makes it really hard to write PF files as I would have to write | filter rules considering the each physical hosts MAC addresses :( Because multicast is on the local link not on the global addresses? Can you not use pf to filter fe80::/8 address space? | I'm also seeing errors stating that the inet6 carp address I have | configured is a duplicate address! Although this could be due to the | fact the firewalls are flapping between backup and master and there are | going to be multi master periods. I thought at one point there was a commit to ignore duplicate v6 ndp due to this issue. I can't find it right now though, so I don't know if it is in 5.3 or not. | net.inet.carp.allow=1 | net.inet.carp.preempt=1 | net.inet.carp.log=3 | net.inet6.ip6.forwarding=1 | net.inet6.ip6.redirect=0 | net.inet6.ip6.accept_rtadv=0 | | I am also starting to read "Firewalling IPv6 with OpenBSD's pf (packet | filter)". | | Thanks for your time, Andy. Hope the above helps. -- Todd Fries .. t...@fries.net ____________________________________________ | \ 1.636.410.0632 (voice) | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | PO Box 16169, Oklahoma City, OK 73113-2169 \ sip:freedae...@ekiga.net | "..in support of free software solutions." \ sip:4052279...@ekiga.net \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt
