On Thu, Dec 16, 2004 at 08:54:54PM -0500, Jason Dixon wrote:
> There is probably a good reason for this, but might be hard to
> determine a) for an experienced user without access to your network, or
> b) for an inexperienced user *with* access to your network. ;-)
>
> I suggest monitoring your interfaces continually ("while true; do
> ifconfig -a | grep carp; sleep 1; clear; done") while you recreate your
> problems. It wouldn't hurt to also monitor your pfsync traffic for
> hiccups.

'ifconfig carp' works, no need for '-a | grep carp'. carp(4) state transitions also show up on the routing socket, so you can do 'route monitor'.

> I usually experience ~3 seconds of packet loss during a failover.
> Recovery is always instantaneous (no loss). Regardless, I've yet to
> lose any TCP connections. I'd suggest you try to isolate the
> questionable behavior.
>
> >Sorry if I sound like a "Loinux whiny", I'm almost there, just need a
> >few more pointers.
> >
> >1) If I reduce advskew to something like 10 on machine A and 12 on
> >machine b, would that increase the stability of the firewalls?
>
> I suggest larger advskew differences. You can only go as high as the
> size of your segment (256-1 for /24, for example). If you're only
> using 2 firewalls, I suggest advskews of 0 and 100. This isn't
> documented anywhere, and is only based on my own experience, so YMMV.

If by "not documented" you mean "explicitly ignoring the examples in the carp(4) manpage", then you're correct :-)

The advskew range doesn't depend on the network segment. It's an 8 bit number in the CARP packet and the legal values are 1-255. Keep the value below 240 unless you really know what you're doing.

> >2) Why does it seem that when the master returns from me issuing a
> >reboot does the connection for the client appear to get shaky again?

What is the value of 'sysctl net.inet.carp.preempt'?

Those who want useful advice on a CARP problem should provide the output of the following (from both machines):

    $ ifconfig -a
    $ sysctl net.inet.carp
    $ netstat -sp carp
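
The monitoring advice in the message above, as an added example that is not part of the original message or of OpenBSD: it condenses `ifconfig carp` output to one line per interface, prints a timestamped line only when the state changes, and lists interfaces whose advskew is not below the 240 mentioned above. The function names, the sample output and the assumed `carp: <STATE> ... vhid N advbase N advskew N` line format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes ifconfig prints a
# line of the form "carp: <STATE> ... vhid N advbase N advskew N".

# Constructed sample of `ifconfig carp` output (documentation addresses).
SAMPLE='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER vhid 1 advbase 1 advskew 0
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP vhid 2 advbase 1 advskew 250
        inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255'

# Read ifconfig output on stdin; print "<if> <state> vhid=N advbase=N advskew=N".
carp_summary() {
    awk '
        /^[a-z]+[0-9]+:/ { iface = $1; sub(/:$/, "", iface) }
        $1 == "carp:" {
            state = $2; vhid = "?"; advbase = "?"; advskew = "?"
            for (i = 3; i < NF; i++) {
                if ($i == "vhid")    vhid = $(i + 1)
                if ($i == "advbase") advbase = $(i + 1)
                if ($i == "advskew") advskew = $(i + 1)
            }
            printf "%s %s vhid=%s advbase=%s advskew=%s\n", iface, state, vhid, advbase, advskew
        }'
}

# Read carp_summary lines on stdin; print interfaces whose advskew is 240 or more.
carp_high_advskew() {
    awk '{ split($5, kv, "="); if (kv[2] + 0 >= 240) print $1 }'
}

# Poll once a second; print a timestamped summary only when something changes.
carp_watch() {
    prev=""
    while :; do
        cur=$(ifconfig carp | carp_summary)
        if [ "$cur" != "$prev" ]; then
            printf '%s\n%s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$cur"
            prev=$cur
        fi
        sleep 1
    done
}

# Demonstration on the constructed sample; call carp_watch on a real firewall.
printf '%s\n' "$SAMPLE" | carp_summary
printf '%s\n' "$SAMPLE" | carp_summary | carp_high_advskew
```

Running `carp_watch` on both firewalls while reproducing a failover gives two timestamped transition logs that can be compared side by side.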