am in the process of rotating in a backup firewall machine and when i
bring up the backup machine's carp interface, there are packets being
misdirected to it, even though its interface is shown with state
BACKUP. the peculiar thing about this is that if i use another machine
(i386) besides the one i plan to rotate in, a netra t1 105, as the carp
backup host it works just fine.
both machines are running 4.1-release. the master firewall is i386 and
the backup is sparc64.
the existing firewall has internal interfaces
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:40:63:da:b0:6c
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::240:63ff:feda:b06c%vr0 prefixlen 64 scopeid 0x1
        inet 10.0.0.252 netmask 0xffffff00 broadcast 10.0.0.255
...
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        carp: MASTER carpdev vr0 vhid 2 advbase 1 advskew 0
        groups: carp
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0x11
and when this is up by itself it works fine (hosts can ping out and ping
10.0.0.1 sans packet loss). however, once the backup machine, the netra
t1, is configured appropriately with interfaces
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:47:81:d0:02
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::203:47ff:fe81:d002%fxp0 prefixlen 64 scopeid 0x3
        inet 10.0.0.253 netmask 0xffffff00 broadcast 10.0.0.255
...
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        carp: BACKUP carpdev fxp0 vhid 2 advbase 1 advskew 200
        groups: carp
        inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0x8
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
packets start being misdirected to it even though carp1 is BACKUP. there
are packets showing up at the netra in this case:
# tcpdump -nettvi fxp0 host 10.0.0.1
tcpdump: listening on fxp0, link-type EN10MB
1186265960.985578 0:80:c8:38:d:f7 0:0:5e:0:1:2 0800 80: 10.0.0.201.4243 > 10.0.0.1.53: [udp sum ok] 43885+ A? download42.avast.com. (38) (ttl 128, id 17947, len 66)
1186265961.770602 0:e0:81:4:64:96 0:0:5e:0:1:2 0800 77: 10.0.0.111.47624 > 10.0.0.1.53: [udp sum ok] 518+ AAAA? gateway.fedex.com. (35) (ttl 64, id 44746, len 63)
1186265963.149881 0:0:5e:0:1:2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has 10.0.0.1 tell 10.0.0.1
1186265964.986023 0:80:c8:38:d:f7 0:0:5e:0:1:2 0800 80: 10.0.0.201.4243 > 10.0.0.1.53: [udp sum ok] 43885+ A? download42.avast.com. (38) (ttl 128, id 17950, len 66)
1186265967.190227 0:0:5e:0:1:2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has 10.0.0.1 tell 10.0.0.1
1186265968.986657 0:80:c8:38:d:f7 0:0:5e:0:1:2 0800 80: 10.0.0.201.4243 > 10.0.0.1.53: [udp sum ok] 43885+ A? download42.avast.com. (38) (ttl 128, id 17957, len 66)
1186265971.230637 0:0:5e:0:1:2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has 10.0.0.1 tell 10.0.0.1
if this is a known issue or can be fixed by a reboot/interface
configuration on boot, do tell.
cheers,
jake
--
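
Added example, not part of the original post: a small classifier for a `tcpdump -ne` capture taken on the BACKUP node's carpdev, separating unicast frames delivered to the CARP virtual MAC from frames transmitted with the virtual MAC as source. The helper names (`norm_mac`, `carp_vmac`, `classify`, `summarize`) are hypothetical and the sample lines are constructed from the capture in the post.

```python
import re
from collections import Counter

# Constructed sample: rejoined `tcpdump -ne` lines modeled on the capture above.
# The last line (traffic to the physical address) is invented for contrast.
SAMPLE = """\
1186265960.985578 0:80:c8:38:d:f7 0:0:5e:0:1:2 0800 80: 10.0.0.201.4243 > 10.0.0.1.53: 43885+ A? download42.avast.com. (38)
1186265963.149881 0:0:5e:0:1:2 ff:ff:ff:ff:ff:ff 0806 42: arp who-has 10.0.0.1 tell 10.0.0.1
1186265964.986023 0:80:c8:38:d:f7 0:0:5e:0:1:2 0800 80: 10.0.0.201.4243 > 10.0.0.1.53: 43885+ A? download42.avast.com. (38)
1186265965.100000 0:80:c8:38:d:f7 0:3:47:81:d0:2 0800 98: 10.0.0.201 > 10.0.0.253: icmp: echo request
"""

# timestamp, source MAC, destination MAC, ethertype, frame length, rest of line
LINE = re.compile(r"^(\S+) ([0-9a-fA-F:]+) ([0-9a-fA-F:]+) ([0-9a-fA-F]{4}) \d+: (.*)$")

def norm_mac(mac):
    """tcpdump drops leading zeros (0:0:5e:0:1:2); pad back to 00:00:5e:00:01:02."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def carp_vmac(vhid):
    """IPv4 CARP virtual MAC for a vhid, matching the carp1 lladdr in the post."""
    return f"00:00:5e:00:01:{vhid:02x}"

def classify(capture, vhid):
    """Return (timestamp, kind) per frame as seen on the BACKUP node's carpdev."""
    vmac, out = carp_vmac(vhid), []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        ts, src, dst = m.group(1), norm_mac(m.group(2)), norm_mac(m.group(3))
        if dst == vmac:
            kind = "unicast-to-vmac"  # layer 2 is delivering the virtual MAC to this port
        elif src == vmac:
            kind = "sent-from-vmac"   # some host transmits with the virtual MAC as source
        else:
            kind = "other"
        out.append((ts, kind))
    return out

def summarize(capture, vhid):
    """Count frames per kind for a quick look at how much traffic is misdirected."""
    return Counter(kind for _, kind in classify(capture, vhid))

if __name__ == "__main__":
    for ts, kind in classify(SAMPLE, 2):
        print(ts, kind)
    print(dict(summarize(SAMPLE, 2)))
```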