Penned by Andy on 20130830 4:08.56, we have:
| On 29/08/13 18:37, Todd T. Fries wrote:
| >Penned by Andy on 20130829 9:57.29, we have:
| >| Hi everyone,
| >|
| >| I'm hoping someone can help me as I'm not having much luck with adding
| >| IPv6 to the mix of our already working IPv4 setup.
| >|
| >| What should /etc/hostname.carpX look like for an IPv6 setup? Is this
| >| correct;?
| >|
| >| inet 10.0.10.1 255.255.255.0 10.0.10.255 vhid 1 pass temppass advbase 3
| >| advskew 0
| >| inet6 2a00:7e0:0:a::1 64
| >
| >Any 'inet6' except the first link local reference in a given hostname.if(4)
| >file should be followed by 'alias'.
| >
| >Aka you need:
| >
| >inet6 alias 2a00:7e0:0:a::1
| >
| >The 64 is implicitly default, if you choose to explicitly list it that's ok too.
|
| Hi guys,
|
| Adding the inet6 as an alias didn't work for me.
| When the first line is an 'inet' entry, adding an inet6 alias
| results in errors when running /etc/netstart :(
|
|
| And trying;
| inet 194.199.X.28 255.255.255.240 NONE
| inet6 2001:660:abcd:1234::1:1 64
| description "CARP server"
| carpdev vlan603 vhid 62 advskew 1 carppeer 194.199.X.29 pass xxxxx
|
| Resulted in multi-master (no flip-flopping but permanently
| multi-master) even if I removed the carpdev and carppeer attributes
| :(

Realize you have to do the exact same config on both hosts at the same time.

I usually either manually type the same ifconfig commands on both hosts and
press enter in two nearby windows rapidly in succession. Editing the
hostname.carpX to match for reboot is also useful.

If you're in testing mode simply
'ifconfig carp0 down destroy; sh /etc/netstart carp0' on both in rapid
succession can also be an option.

Just remember, the key with carp is that all of the addresses on the carp
interface build up into a hash that must match the `other' system or both
systems will think they have a different config and you'll be stuck
scratching your head in permanent multi master mode, as you described above.

| I have tested both of these with PF disabled just in case a rule was
| messing things up.
| With pf enabled, does this rule satisfy CARP and is it sensible?;
| pass in quick proto carp from { fe80::/8 } to { ff00::/8 } keep
| state (no-sync)
|
| The only way I have managed to get this to work with 5.3 is separate
| carp devices, if I have to run two of course I will, but I would
| really like to get it working under one for clarity.
|
|
| PS; Todd,
| Thank you very much for your detailed thoughts on IPv6 regarding
| filtering icmp6, ndp. Really appreciate your time to help.
| For ndp is this rule sensible?;
| pass quick proto icmp6 from { ff00::/8 } to { ff00::/8 }
| I have just set-up an he.net tunnel at home ;)

Do some tcpdump on pflog0 if you block other icmp6 codes (though I am an
advocate of universally enabling {echo,fqdn}{req,reply} .. if you have
abusers, block them via an overload rule or something, but permit yourself
the time proven luxury of 'ping6 host' to confirm it's up from wherever.

I think you'll find some { global, link local } <-> { fe80::/16, ff02::/16 }
activity. Yes I just realized /8 is the wrong prefixlen for the link local
multicast and address space) activi

Thanks,
--
Todd Fries ..
t...@fries.net
 ____________________________________________
|                                            \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com            \  1.866.792.3418 (FAX)
| PO Box 16169, Oklahoma City, OK 73113-2169 \  sip:freedae...@ekiga.net
| "..in support of free software solutions." \  sip:4052279...@ekiga.net
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt
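
Added example, not part of the original message: a simplified Python model of the point made in the reply that every address on the carp interface feeds a hash both peers must agree on. The HMAC-SHA1 input layout and the dict-based host configs are assumptions for illustration, not the OpenBSD kernel's exact format; the two "host B" configs are constructed.

```python
import hashlib
import hmac
import ipaddress


def carp_digest(password, vhid, addresses):
    """Simplified model (assumption, not the kernel's exact input layout):
    HMAC-SHA1 keyed with the CARP pass over the vhid followed by the
    sorted IPv4 and then sorted IPv6 addresses on the interface."""
    parsed = [ipaddress.ip_address(a) for a in addresses]
    v4 = sorted(a for a in parsed if a.version == 4)
    v6 = sorted(a for a in parsed if a.version == 6)
    msg = bytes([vhid]) + b"".join(a.packed for a in v4 + v6)
    return hmac.new(password.encode(), msg, hashlib.sha1).hexdigest()


def compare_peers(a, b):
    """Return (digests_match, only_on_a, only_on_b) for two host configs."""
    match = (carp_digest(a["pass"], a["vhid"], a["addrs"])
             == carp_digest(b["pass"], b["vhid"], b["addrs"]))
    set_a = {ipaddress.ip_address(x) for x in a["addrs"]}
    set_b = {ipaddress.ip_address(x) for x in b["addrs"]}
    return match, sorted(map(str, set_a - set_b)), sorted(map(str, set_b - set_a))


# Values taken from the hostname.carpX lines quoted in the thread.
HOST_A = {"vhid": 1, "pass": "temppass",
          "addrs": ["10.0.10.1", "2a00:7e0:0:a::1"]}
# Constructed: the peer was brought up without the inet6 alias.
HOST_B_STALE = {"vhid": 1, "pass": "temppass", "addrs": ["10.0.10.1"]}
# Constructed: same addresses as host A, listed in a different order.
HOST_B_FIXED = {"vhid": 1, "pass": "temppass",
                "addrs": ["2a00:7e0:0:a::1", "10.0.10.1"]}

if __name__ == "__main__":
    for name, peer in (("stale", HOST_B_STALE), ("fixed", HOST_B_FIXED)):
        match, only_a, only_b = compare_peers(HOST_A, peer)
        state = "digests match" if match else "MISMATCH, expect multi-master"
        print(f"A vs B ({name}): {state}; only on A: {only_a}; only on B: {only_b}")
```

Running the same comparison over the address lists collected from `ifconfig carpX` on each host shows which address is missing on which side before the mismatch is chased in pf.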