On Thu, Apr 23, 2009 at 12:05 PM, Imre Oolberg <i...@auul.pri.ee> wrote:
> Hallo! > > I would like to confirm my understanding of how carp works and if the > following holds generally true. > > After having on all participating nodes set to > > # sysctl -w net.inet.carp.preempt=0 AFAIK CARP preempt has meaning only in the context of the machine to which it applies. When CARP preempt is enabled, in a machine with multiple CARP interfaces, whenever one CARP interface fails over, all other CARP interfaces in the machine fail over too. I'm using this on my 2-firewall configuration (active-passive) where each machine has two CARP interfaces: internal interface and Internet-facing interface. Whenever one of the interfaces failover, the other does too. This way, both interfaces are either master or backup, at the same time. This avoids the case where the internal interface is master and the Internet-facing interface is backup (or the opposite). > > one could change advskew value and actually no carp takeover takes place > automatically until issuing on the becoming master node > > # ifconfig carp-interface-name state master > > or on becoming backup node > > # ifconfig carp-interface-name state backup > > After that the carp master and backup change roles. > > On the other hand, if all participating nodes are set to > > # sysctl -w net.inet.carp.preempt=1 > > then under similar changes in advskew carp takeover happes automatically > .i.e master and backup change roles and 'state master' or 'state backup' > aint needed to be issued manually. (As merriam-webster says in one case for > preemtive being 'marked by the seizing of the initiative; initiated by > oneself') > > > Imre > > PS The scope of this experiment is takeover within paticular carp group > (practically between two physical interfaceses) and not for all carp groups > as in case with firewall with several physical interfaces. > > -- http://www.felipe-alfaro.org/blog/disclaimer/
