Hello list-members:
I've got a problem with carp and vlans. The two firewalls are clustered
(no loadbalancing, but ha). They are connected to a cisco switch in one
trunk. State table changes are pronounced over interface em0
(crosslink). Problem seems to be: both firewalls have serveral vlans
defined on the out Interface (fxp0). Of course both vlans are identical,
only difference is the mac address.
Now the firewalls allways complain about duplicate ip-addresses
(duplicate IP address 192.168.90.69 sent from ethernet address
00:10:dc:f1:22:70).
How to get rid of this (if possible at all)?
Thank you for any tips
Hints:
uname -a:
OpenBSD bsd_node1.smc-d.de 3.5 GENERIC#9 i386
sysctl net.inet.carp:
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=0
net.inet.carp.arpbalance=0
ifconfig -a:
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:0a:cd:05:18:e8
media: Ethernet 100baseTX full-duplex
status: active
inet 192.168.90.248 netmask 0xffffffe0 broadcast 192.168.90.255
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:10:dc:f5:b2:0b
media: Ethernet 1000baseT full-duplex
status: active
inet 10.10.10.1 netmask 0xfffffffc broadcast 10.10.10.3
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
1500
address: 00:10:dc:f5:b2:0c
media: Ethernet 100baseTX full-duplex
status: active
inet 5.5.5.5 netmask 0xfffffff8 broadcast 5.5.5.7
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=41<UP,RUNNING> mtu 1348
pfsync: syncif: em0 maxupd: 128
vlan9: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:10:dc:f5:b2:0c
vlan: 9 parent interface: fxp0
inet 82.210.20.190 netmask 0xfffffff8 broadcast 82.210.20.191
---snip---
(here several more vlans)
---snip---
carp0: flags=41<UP,RUNNING> mtu 1500
carp: MASTER vhid 1 advbase 1 advskew 0
inet 192.168.90.249 netmask 0xffffffe0
carp1: flags=41<UP,RUNNING> mtu 1500
carp: MASTER vhid 2 advbase 1 advskew 0
inet 5.5.5.6 netmask 0xfffffff8
netstat -sp carp:
carp:
18 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for bad interface
0 packets shorter than header
0 discarded for bad checksums
0 discarded packets with a bad version
0 discarded because packet too short
0 discarded for bad authentication
0 discarded for bad vhid
0 discarded because of a bad address list
159542 packets sent (IPv4)
0 packets sent (IPv6)
Olaf Zenker
Systemmanager SMC Düsseldorf
T-Systems International GmbH
Global Network Factory
Systemmanagement Customer Solutions
Sohnstr.45, 40237 Düsseldorf
+49 211-9148-620 (tel)
+49 211-9148-975 (fax)
E-Mail: [EMAIL PROTECTED]
Internetseite: http://www.t-systems.com
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen.
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten
haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht
gestattet.
This e-mail may contain confidential and/or privileged information. If you are
not the intended recipient (or have received this e-mail in error) please
notify the sender immediately and destroy this e-mail. Any unauthorised
copying, disclosure or distribution of the material in this e-mail is strictly
forbidden.
