I'm looking to understand the proper way to get v6 carp to behave.

The problem is that when I have one of the firewalls reboot, and its carp
interfaces become 'master', the v6 somehow thinks there is a duplicate v6
address for the address(es) I have configured on the carp interfaces.

In my case, it is 2001:240:58a:XXXX::1 per subnet and fe80::1 on each
carp interface (so the default route can go to fe80::1%\$if).

In the past, I could simply start screen, and do:

        ifconfig carp0 down; sleep 5;ifconfig carp0 up

And things would be 'settled' and the carp interface would take over
the v6 IPs just fine.

However, now that I have some vlans deployed and have 4 carp devices
fighting over v6 addresses per firewall on 4 separate ethernet segments,
this is becoming a headache I'd rather fix 'the right way'.

Until someone suggests 'the right way' I'm forced to power off my redundant
firewall, and then power on the firewall I want to be master, in order for
things to work right. Yes, this means losing states and such, but I have no
other guaranteed way to make sure the v6 addresses do not get detected as
duplicate and as a result do not respond/work from a machine on the net.

I suppose the brute force method would somehow disable duplication detection
for carp'ed v6 addresses, but I'd like 2nd opinions before going down that
path.

Thanks for any hints.
-- 
Todd Fries .. [EMAIL PROTECTED]

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| "..in support of free software solutions."  \          250797 (FWD)
|                                             \
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                 
              37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                        http://todd.fries.net/pgp.txt


--- Begin Message ---
Ok, so now that I have vlans and 5 carp devices on failover firewalls now at 
home, I'm fed up with v6 issues and carp enough to ask, what is the proper 
solution?

nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000e::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a:0001::0001
nd6_na_input: duplicate IP6 address fe80:000f::0001


--- End Message ---
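
An added example, not part of the original message: a Python script that collapses the repeated `nd6_na_input` messages quoted above into one count per address, so it is clear which carp addresses and segments are affected after a failover. It assumes that the second 16-bit group of the link-local addresses in the log (`000c`, `000e`, `000f`) is the interface index embedded by the kernel; the sample input is constructed in the same format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample, in the format of the kernel messages quoted above.
SAMPLE_LOG = """\
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a::0001
nd6_na_input: duplicate IP6 address fe80:000c::0001
nd6_na_input: duplicate IP6 address fe80:000e::0001
nd6_na_input: duplicate IP6 address 2001:0240:058a:0001::0001
some unrelated kernel line
"""

DUP_RE = re.compile(r"nd6_na_input: duplicate IP6 address (\S+)")


def split_scope(text):
    """Return (canonical address, embedded interface index or None).

    Assumption: for link-local addresses the kernel prints its internal
    form, where the second 16-bit group carries the interface index.
    """
    addr = ipaddress.IPv6Address(text)
    if addr.is_link_local:
        raw = int(addr)
        index = (raw >> 96) & 0xFFFF
        if index:
            # Clear the embedded index to recover the configured address.
            addr = ipaddress.IPv6Address(raw & ~(0xFFFF << 96))
            return str(addr), index
    return str(addr), None


def summarize(log_text):
    """Count duplicate-address reports per (address, interface index)."""
    counts = Counter()
    for line in log_text.splitlines():
        match = DUP_RE.search(line)
        if not match:
            continue
        try:
            counts[split_scope(match.group(1))] += 1
        except ipaddress.AddressValueError:
            continue  # malformed address in the log line; skip it
    return counts


if __name__ == "__main__":
    for (addr, index), n in summarize(SAMPLE_LOG).most_common():
        scope = f" (interface index {index})" if index else ""
        print(f"{n:4d}  {addr}{scope}")
```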
