top post... ok I *think* I have tracked it down...
I had dmz4-dmz6 100% configured but no cables connected to the switch. The carp interfaces for them were in "init" state as they could not talk to each other. Although it all seemed to work as it should for all other interfaces. This means all carp masters on the primary server and all carp backups on the secondary server. But during a reboot of any of the firewalls or sometimes in random one carp could change to backup and the other to master. But not on all interfaces! I do not understand why not all networks with carp were infected. Strange.... But as soon as did a "ifconfig carpNN destroy" on both servers for the not connected interfaces the faulty carp flipped back. So it seems everything have to be connected for 100% correct function. I would very much appreciate if somebody could tell me why not all carp interfaces flipped over? Thanks Per-Olov -- GPG keyID: 4DB283CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE On Thursday 02 February 2006 06.04, Steven S wrote: > I had a similar issue. I ended up using net.inet.carp.preempt=1 on the > primary firewall and net.inet.carp.preempt=0 on the secondary. > > If the primary has an issue, the secondary becomes the master on all > interfaces. I must confess I haven't "fully tested" the configuration. > > -Steve S. > > [EMAIL PROTECTED] wrote: > > Hi > > > > > > I have seen strange issues with my firewall environment. It > > has the following > > 9 interfaces: > > Internet - em1 (dual intel pci-e) > > lan - em0 (dual intel pci-e) > > pfsync - em2 (dual intel pci-x) > > dmz1 - em3 (dual intel pci-x) > > dmz2 - bge0 (server build in broadcom) > > dmz3-6 - sis0-4 (soekris pci quad) > > > > em0, em1 and em2 run at gig speed. All other at 100. > > > > > > I use carp on all interfaces [ except pfsync ;-) ]. > > I also have net.inet.carp.preempt=1
