Re: sis(4) broken on 8.2 [Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE]

2011-01-18 Thread Pyun YongHyeon
On Tue, Jan 18, 2011 at 03:37:48AM +0100, Paul Schenkeveld wrote:
> Hello,
> 
> On Mon, Jan 17, 2011 at 02:26:24PM -0800, Pyun YongHyeon wrote:
> > > Since you didn't post dmesg output I'm not sure what kind of
> > > controller you have but I guess it would be NS8381[56]. I
> > > overhauled sis(4) to make it work on all architectures so one of
> > > change, probably r212119, could be cause of the issue. Due to lack
> > > of SiS controllers I didn't touch multicast handling part so some
> > > part of code still relies on old wrong behavior of driver.
> > > Would you try attached patch and let me know whether it makes any
> > > difference?
> > > 
> > 
> > Hmm, unfortunately it seems the patch above may not work since NS
> > data sheet says that filter function should be disabled before
> > touching other bits in the register.
> > Try this one instead.
> 
> As far as I can tell, both patches work for me.  Your second patch is
> on my production firewalls now so if anything comes up over the
> coming days I'll keep you informed.
> 
> I've tested carp, both failover to backup and fallback (preemption)
> with IPv4 and with IPv6, all seems to work now.
> 

Thanks for testing. Committed to HEAD(r217548).

> Thanks again for your patches, hope you can get them into 8.2.
> 

I'm afraid it's too late. :-(

> Regards,
> 
> Paul Schenkeveld
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"


Re: sis(4) broken on 8.2 [Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE]

2011-01-17 Thread Paul Schenkeveld
Hello,

On Mon, Jan 17, 2011 at 02:26:24PM -0800, Pyun YongHyeon wrote:
> > Since you didn't post dmesg output I'm not sure what kind of
> > controller you have but I guess it would be NS8381[56]. I
> > overhauled sis(4) to make it work on all architectures so one of
> > change, probably r212119, could be cause of the issue. Due to lack
> > of SiS controllers I didn't touch multicast handling part so some
> > part of code still relies on old wrong behavior of driver.
> > Would you try attached patch and let me know whether it makes any
> > difference?
> > 
> 
> Hmm, unfortunately it seems the patch above may not work since NS
> data sheet says that filter function should be disabled before
> touching other bits in the register.
> Try this one instead.

As far as I can tell, both patches work for me.  Your second patch is
on my production firewalls now so if anything comes up over the
coming days I'll keep you informed.

I've tested carp, both failover to backup and fallback (preemption)
with IPv4 and with IPv6, all seems to work now.

Thanks again for your patches, hope you can get them into 8.2.

Regards,

Paul Schenkeveld


Re: sis(4) broken on 8.2 [Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE]

2011-01-17 Thread Pyun YongHyeon
On Mon, Jan 17, 2011 at 01:29:47PM -0800, Pyun YongHyeon wrote:
> On Mon, Jan 17, 2011 at 08:56:15PM +0100, Paul Schenkeveld wrote:
> > On Sun, Jan 16, 2011 at 01:41:22PM +0100, Paul Schenkeveld wrote:
> > > Hi,
> > > 
> > > Trying to upgrade two Soekris firewalls to 8-STABLE or 8.2-PRERELEASE
> > > it appears that carp doesn't work at all.  I've set up carp like I've
> > > done on many firewall pairs before and they all work correctly.  With
> > > google, nor in the mailing lists, I could find anything about changes
> > > in the way carp gets configured but if I missed something I'd be happy
> > > to hear that it's my fault.
> > > 
> > > Here's the setup:
> > > 
> > >                  net5501
> > >                   test3
> > >                10.4.0.4/24
> > >                     |
> > >          -----------+-----------
> > >          |                     |
> > >       net4801               net4801
> > >        test1                 test2
> > >  sis4: 10.4.0.2/24     sis4: 10.4.0.3/24
> > >  carp4:10.4.0.1/24     carp4:10.4.0.1/24
> > >    |   |   |   |         |   |   |   |
> > >    |   |   |   |         |   |   |   |
> > >    sis[0-3] connected to other networks, see
> > >    explanation below.
> > > 
> > > When I ping from test3 to 10.4.0.1, I see the following traffic using
> > > tcpdump:
> > > 
> > > test3 # tcpdump -e -n -i vr3 not vrrp
> > > tcpdump: verbose output suppressed, use -v or -vv for full protocol 
> > > decode
> > > listening on vr3, link-type EN10MB (Ethernet), capture size 96 bytes
> > > 12:09:35.121831 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
> > >   ethertype ARP (0x0806), length 60:
> > >   Request who-has 10.4.0.1 tell 10.4.0.4, length 46
> > > 12:09:35.122144 00:00:24:c3:49:91 > 00:00:24:c9:30:ff,
> > >   ethertype ARP (0x0806), length 60:
> > >   Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 46
> > > 12:09:35.122173 00:00:24:c9:30:ff > 00:00:5e:00:01:68,
> > >   ethertype IPv4 (0x0800), length 98:
> > >   10.4.0.4 > 10.4.0.1: ICMP echo request,
> > >   id 40482, seq 0, length 64
> > > 
> > > test1 # tcpdump -e -n -i sis4 not vrrp
> > > tcpdump: verbose output suppressed, use -v or -vv for full protocol 
> > > decode
> > > listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes
> > > 12:09:34.977570 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
> > >   ethertype ARP (0x0806), length 60:
> > >   Request who-has 10.4.0.1 tell 10.4.0.4, length 46
> > > 12:09:34.977705 00:00:24:c3:49:91 > 00:00:24:c9:30:ff,
> > >   ethertype ARP (0x0806), length 42:
> > >   Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 28
> > > 
> > > test2 # dump -e -n -i sis4 not vrrp
> > > tcpdump: verbose output suppressed, use -v or -vv for full protocol 
> > > decode
> > > listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes
> > > 12:09:35.090050 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
> > >   ethertype ARP (0x0806), length 60:
> > >   Request who-has 10.4.0.1 tell 10.4.0.4, length 46
> > > 
> > > There is an ARP request which is replied to by the carp master (test).
> > > the ping to the carp address does not even appear on the sis4 interface
> > > of test1.
> > > 
> > > This is the kernel config for test1 and test2:
> > > 
> > > include GENERIC
> > > device  carp
> > > makeoptions MODULES_OVERRIDE=""
> > > 
> > > The relevant rc.conf bits:
> > > 
> > > on test1
> > > hostname="test1"
> > > cloned_interfaces="carp1 carp2 carp3 carp4"
> > > ifconfig_sis0="xxx.xxx.xxx.41/26"
> > > ifconfig_sis1="10.1.0.2/24"
> > > ifconfig_sis2="10.2.0.2/24"
> > > ifconfig_sis3="10.3.0.2/24"
> > > ifconfig_sis4="10.4.0.2/24"
> > > ifconfig_carp1="10.1.0.1/24 vhid 101 pass abcd1234 advskew   0"
> > > ifconfig_carp2="10.2.0.1/24 vhid 102 pass abcd1234 advskew   0"
> > > ifconfig_carp3="10.3.0.1/24 vhid 103 pass abcd1234 advskew   0"
> > > ifconfig_carp4="10.4.0.1/24 vhid 104 pass abcd1234 advskew   0"
> > > 
> > > on test2
> > > hostname="test2"
> > > cloned_interfaces="carp1 carp2 carp3 carp4"
> > > ifconfig_sis0="xxx.xxx.xxx.42/26"
> > > ifconfig_sis1="10.1.0.3/24"
> > > ifconfig_sis2="10.2.0.3/24"
> > > ifconfig_sis3="10.3.0.3/24"
> > > ifconfig_sis4="10.4.0.3/24"
> > > ifconfig_carp1="10.1.0.1/24 vhid 101 pass abcd1234 advskew 100"
> > > ifconfig_carp2="10.2.0.1/24 vhid 102 pass abcd1234 advskew 100"
> > > ifconfig_carp3="10.3.0.1/24 vhid 103 pass abcd1234 advskew 100"
> > > ifconfig_carp4="10.4.0.1/24 vhid 104 pass abcd1234 advskew 100"
> > > 
> > > In /etc/sysctl.conf:
> > > net.inet.carp.preempt=1
> > > 
> > > Ifconfig output:
> > > 
> > > test1 # ifconfig sis4
> > > sis4: flags=8943 metric 0 
> > > mtu 1500
> > > options=83808
> > > ether 00:00:24:c3:49:91
> > >

Re: sis(4) broken on 8.2 [Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE]

2011-01-17 Thread Pyun YongHyeon
On Mon, Jan 17, 2011 at 08:56:15PM +0100, Paul Schenkeveld wrote:
> On Sun, Jan 16, 2011 at 01:41:22PM +0100, Paul Schenkeveld wrote:
> > Hi,
> > 
> > Trying to upgrade two Soekris firewalls to 8-STABLE or 8.2-PRERELEASE
> > it appears that carp doesn't work at all.  I've set up carp like I've
> > done on many firewall pairs before and they all work correctly.  With
> > google, nor in the mailing lists, I could find anything about changes
> > in the way carp gets configured but if I missed something I'd be happy
> > to hear that it's my fault.
> > 
> > Here's the setup:
> > 
> >                  net5501
> >                   test3
> >                10.4.0.4/24
> >                     |
> >          -----------+-----------
> >          |                     |
> >       net4801               net4801
> >        test1                 test2
> >  sis4: 10.4.0.2/24     sis4: 10.4.0.3/24
> >  carp4:10.4.0.1/24     carp4:10.4.0.1/24
> >    |   |   |   |         |   |   |   |
> >    |   |   |   |         |   |   |   |
> >    sis[0-3] connected to other networks, see
> >    explanation below.
> > 
> > When I ping from test3 to 10.4.0.1, I see the following traffic using
> > tcpdump:
> > 
> > test3 # tcpdump -e -n -i vr3 not vrrp
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol 
> > decode
> > listening on vr3, link-type EN10MB (Ethernet), capture size 96 bytes
> > 12:09:35.121831 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
> > ethertype ARP (0x0806), length 60:
> > Request who-has 10.4.0.1 tell 10.4.0.4, length 46
> > 12:09:35.122144 00:00:24:c3:49:91 > 00:00:24:c9:30:ff,
> > ethertype ARP (0x0806), length 60:
> > Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 46
> > 12:09:35.122173 00:00:24:c9:30:ff > 00:00:5e:00:01:68,
> > ethertype IPv4 (0x0800), length 98:
> > 10.4.0.4 > 10.4.0.1: ICMP echo request,
> > id 40482, seq 0, length 64
> > 
> > test1 # tcpdump -e -n -i sis4 not vrrp
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol 
> > decode
> > listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes
> > 12:09:34.977570 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
> > ethertype ARP (0x0806), length 60:
> > Request who-has 10.4.0.1 tell 10.4.0.4, length 46
> > 12:09:34.977705 00:00:24:c3:49:91 > 00:00:24:c9:30:ff,
> > ethertype ARP (0x0806), length 42:
> > Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 28
> > 
> > test2 # dump -e -n -i sis4 not vrrp
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol 
> > decode
> > listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes
> > 12:09:35.090050 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
> > ethertype ARP (0x0806), length 60:
> > Request who-has 10.4.0.1 tell 10.4.0.4, length 46
> > 
> > There is an ARP request which is replied to by the carp master (test).
> > the ping to the carp address does not even appear on the sis4 interface
> > of test1.
> > 
> > This is the kernel config for test1 and test2:
> > 
> > include GENERIC
> > device  carp
> > makeoptions MODULES_OVERRIDE=""
> > 
> > The relevant rc.conf bits:
> > 
> > on test1
> > hostname="test1"
> > cloned_interfaces="carp1 carp2 carp3 carp4"
> > ifconfig_sis0="xxx.xxx.xxx.41/26"
> > ifconfig_sis1="10.1.0.2/24"
> > ifconfig_sis2="10.2.0.2/24"
> > ifconfig_sis3="10.3.0.2/24"
> > ifconfig_sis4="10.4.0.2/24"
> > ifconfig_carp1="10.1.0.1/24 vhid 101 pass abcd1234 advskew   0"
> > ifconfig_carp2="10.2.0.1/24 vhid 102 pass abcd1234 advskew   0"
> > ifconfig_carp3="10.3.0.1/24 vhid 103 pass abcd1234 advskew   0"
> > ifconfig_carp4="10.4.0.1/24 vhid 104 pass abcd1234 advskew   0"
> > 
> > on test2
> > hostname="test2"
> > cloned_interfaces="carp1 carp2 carp3 carp4"
> > ifconfig_sis0="xxx.xxx.xxx.42/26"
> > ifconfig_sis1="10.1.0.3/24"
> > ifconfig_sis2="10.2.0.3/24"
> > ifconfig_sis3="10.3.0.3/24"
> > ifconfig_sis4="10.4.0.3/24"
> > ifconfig_carp1="10.1.0.1/24 vhid 101 pass abcd1234 advskew 100"
> > ifconfig_carp2="10.2.0.1/24 vhid 102 pass abcd1234 advskew 100"
> > ifconfig_carp3="10.3.0.1/24 vhid 103 pass abcd1234 advskew 100"
> > ifconfig_carp4="10.4.0.1/24 vhid 104 pass abcd1234 advskew 100"
> > 
> > In /etc/sysctl.conf:
> > net.inet.carp.preempt=1
> > 
> > Ifconfig output:
> > 
> > test1 # ifconfig sis4
> > sis4: flags=8943 metric 0 
> > mtu 1500
> > options=83808
> > ether 00:00:24:c3:49:91
> > inet 10.4.0.2 netmask 0xff00 broadcast 10.4.0.255
> > media: Ethernet autoselect (100baseTX )
> > status: active
> > test1 # ifconfig carp4
> > carp4: flags=49 metric 0 mtu 1500
> > inet 10.4.0.1 netmask 0xff00
> >   

sis(4) broken on 8.2 [Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE]

2011-01-17 Thread Paul Schenkeveld
On Sun, Jan 16, 2011 at 01:41:22PM +0100, Paul Schenkeveld wrote:
> Hi,
> 
> Trying to upgrade two Soekris firewalls to 8-STABLE or 8.2-PRERELEASE
> it appears that carp doesn't work at all.  I've set up carp like I've
> done on many firewall pairs before and they all work correctly.  With
> google, nor in the mailing lists, I could find anything about changes
> in the way carp gets configured but if I missed something I'd be happy
> to hear that it's my fault.
> 
> Here's the setup:
> 
>                  net5501
>                   test3
>                10.4.0.4/24
>                     |
>          -----------+-----------
>          |                     |
>       net4801               net4801
>        test1                 test2
>  sis4: 10.4.0.2/24     sis4: 10.4.0.3/24
>  carp4:10.4.0.1/24     carp4:10.4.0.1/24
>    |   |   |   |         |   |   |   |
>    |   |   |   |         |   |   |   |
>    sis[0-3] connected to other networks, see
>    explanation below.
> 
> When I ping from test3 to 10.4.0.1, I see the following traffic using
> tcpdump:
> 
> test3 # tcpdump -e -n -i vr3 not vrrp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on vr3, link-type EN10MB (Ethernet), capture size 96 bytes
> 12:09:35.121831 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
>   ethertype ARP (0x0806), length 60:
>   Request who-has 10.4.0.1 tell 10.4.0.4, length 46
> 12:09:35.122144 00:00:24:c3:49:91 > 00:00:24:c9:30:ff,
>   ethertype ARP (0x0806), length 60:
>   Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 46
> 12:09:35.122173 00:00:24:c9:30:ff > 00:00:5e:00:01:68,
>   ethertype IPv4 (0x0800), length 98:
>   10.4.0.4 > 10.4.0.1: ICMP echo request,
>   id 40482, seq 0, length 64
> 
> test1 # tcpdump -e -n -i sis4 not vrrp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes
> 12:09:34.977570 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
>   ethertype ARP (0x0806), length 60:
>   Request who-has 10.4.0.1 tell 10.4.0.4, length 46
> 12:09:34.977705 00:00:24:c3:49:91 > 00:00:24:c9:30:ff,
>   ethertype ARP (0x0806), length 42:
>   Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 28
> 
> test2 # dump -e -n -i sis4 not vrrp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes
> 12:09:35.090050 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
>   ethertype ARP (0x0806), length 60:
>   Request who-has 10.4.0.1 tell 10.4.0.4, length 46
> 
> There is an ARP request which is replied to by the carp master (test).
> the ping to the carp address does not even appear on the sis4 interface
> of test1.
> 
> This is the kernel config for test1 and test2:
> 
> include GENERIC
> device  carp
> makeoptions MODULES_OVERRIDE=""
> 
> The relevant rc.conf bits:
> 
> on test1
> hostname="test1"
> cloned_interfaces="carp1 carp2 carp3 carp4"
> ifconfig_sis0="xxx.xxx.xxx.41/26"
> ifconfig_sis1="10.1.0.2/24"
> ifconfig_sis2="10.2.0.2/24"
> ifconfig_sis3="10.3.0.2/24"
> ifconfig_sis4="10.4.0.2/24"
> ifconfig_carp1="10.1.0.1/24 vhid 101 pass abcd1234 advskew   0"
> ifconfig_carp2="10.2.0.1/24 vhid 102 pass abcd1234 advskew   0"
> ifconfig_carp3="10.3.0.1/24 vhid 103 pass abcd1234 advskew   0"
> ifconfig_carp4="10.4.0.1/24 vhid 104 pass abcd1234 advskew   0"
> 
> on test2
> hostname="test2"
> cloned_interfaces="carp1 carp2 carp3 carp4"
> ifconfig_sis0="xxx.xxx.xxx.42/26"
> ifconfig_sis1="10.1.0.3/24"
> ifconfig_sis2="10.2.0.3/24"
> ifconfig_sis3="10.3.0.3/24"
> ifconfig_sis4="10.4.0.3/24"
> ifconfig_carp1="10.1.0.1/24 vhid 101 pass abcd1234 advskew 100"
> ifconfig_carp2="10.2.0.1/24 vhid 102 pass abcd1234 advskew 100"
> ifconfig_carp3="10.3.0.1/24 vhid 103 pass abcd1234 advskew 100"
> ifconfig_carp4="10.4.0.1/24 vhid 104 pass abcd1234 advskew 100"
> 
> In /etc/sysctl.conf:
> net.inet.carp.preempt=1
> 
> Ifconfig output:
> 
> test1 # ifconfig sis4
> sis4: flags=8943 metric 0 mtu 
> 1500
> options=83808
> ether 00:00:24:c3:49:91
> inet 10.4.0.2 netmask 0xff00 broadcast 10.4.0.255
> media: Ethernet autoselect (100baseTX )
> status: active
> test1 # ifconfig carp4
> carp4: flags=49 metric 0 mtu 1500
> inet 10.4.0.1 netmask 0xff00
> carp: MASTER vhid 104 advbase 1 advskew 0
> 
> test2 # ifconfig sis4
> sis4: flags=8943 metric 0 mtu 
> 1500
> options=83808
> ether 00:00:24:c3:49:7d
> inet 10.4.0.3 netmask 0xff00 broadcast 10.4.0.255
> media: Ethernet autoselect (100b

Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE

2011-01-17 Thread Paul Schenkeveld
On Mon, Jan 17, 2011 at 01:05:31PM +0100, Daniel Hartmeier wrote:
> On Sun, Jan 16, 2011 at 01:41:22PM +0100, Paul Schenkeveld wrote:
> 
> > There is an ARP request which is replied to by the carp master (test).
> > the ping to the carp address does not even appear on the sis4 interface
> > of test1.
> 
> Everything looks fine, except for the fact that the ping (echo request)
> doesn't get to test1's sis4.
> 
> Are you sure the problem isn't with the switch? Have you tried resetting
> it? Or replacing it with another one (where you could check the MAC
> address table, etc.)?

The switch has been power-cycled, no change.  Only 3 ports are
wired, to test1, test2 and test3.  I'm not in the office right now, can
replace the switch tonight, but read on...

> You'd get this behavior if the switch had learned carp4's virtual MAC
> address (00:00:5e:00:01:68) on another port. You're not using vhid 104
> (:68 in the virtual MAC) on other ports of that switch, are you?

test3 has no carp nor vrrp so vhid 104 is not in use anywhere else.
Tcpdump shows only carp (vrrp) packets from test1 one per second.

sis3 of test1 and test2 are connected by a cross-cable.  IP addresses
are 10.3.0.1/24 (carp3, vhid 103, test1 is master, test2 is backup),
10.3.0.2/24  for sis3 on test1 and 10.3.0.3 for sis3 on test2.

On test1 I can ping 10.3.0.1 (which test1 is carp master for), from
test2 I can't ping 10.3.0.1.  A tcpdump on sis3 on test1 shows ARP
request and reply, but no icmp echo-request.  The arp entry on test2
looks OK:

test2 # arp 10.3.0.1
? (10.3.0.1) at 00:00:5e:00:01:67 on sis3 expires in 800 seconds [ethernet]

On test2 I can ping 10.3.0.2 and 10.4.0.2 (the addresses on sis3 and sis4
of test1) and see the normal arp-request/arp-reply/icmp-echoreq/
icmp-echoreply sequence using tcpdump.

> Daniel

Regards,

Paul Schenkeveld


Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE

2011-01-17 Thread Daniel Hartmeier
On Sun, Jan 16, 2011 at 01:41:22PM +0100, Paul Schenkeveld wrote:

> There is an ARP request which is replied to by the carp master (test).
> the ping to the carp address does not even appear on the sis4 interface
> of test1.

Everything looks fine, except for the fact that the ping (echo request)
doesn't get to test1's sis4.

Are you sure the problem isn't with the switch? Have you tried resetting
it? Or replacing it with another one (where you could check the MAC
address table, etc.)?

You'd get this behavior if the switch had learned carp4's virtual MAC
address (00:00:5e:00:01:68) on another port. You're not using vhid 104
(:68 in the virtual MAC) on other ports of that switch, are you?

Daniel
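
The comparison being made by eye in this thread, as an added example that is not part of any poster's message: derive the CARP virtual MAC from the vhid, then check two `tcpdump -e -n` captures for frames addressed to it. The function names are hypothetical; the sample captures are the test3 and test1 output quoted in the thread.

```python
import re

TS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s")
FRAME_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[0-9a-f:]{17})\s+>\s+(?P<dst>[0-9a-f:]{17}),\s*"
    r"ethertype\s+(?P<etype>\S+)\s+\(0x[0-9a-f]+\),\s*length\s+\d+:\s*(?P<summary>.*)$",
    re.IGNORECASE,
)

def carp_virtual_mac(vhid):
    """IPv4 CARP virtual MAC: 00:00:5e:00:01:<vhid as two hex digits>."""
    if not 1 <= vhid <= 255:
        raise ValueError("vhid must be in 1..255")
    return "00:00:5e:00:01:%02x" % vhid

def parse_capture(text):
    """Parse `tcpdump -e -n` output whose records wrap over several lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TS_RE.match(line):        # a timestamp starts a new record
            records.append(line)
        elif records:                # continuation; banner lines are skipped
            records[-1] += " " + line
    frames = []
    for rec in records:
        m = FRAME_RE.match(rec)
        if m:
            frame = m.groupdict()
            frame["src"], frame["dst"] = frame["src"].lower(), frame["dst"].lower()
            frames.append(frame)
    return frames

def diagnose(vhid, sender_capture, master_capture):
    """Count frames to the virtual MAC at both capture points.
    Host clocks differ, so frames are matched by destination MAC, not time."""
    vmac = carp_virtual_mac(vhid)
    sender, master = parse_capture(sender_capture), parse_capture(master_capture)
    advertised = any(f["etype"] == "ARP" and "is-at " + vmac in f["summary"].lower()
                     for f in master)
    sent = sum(1 for f in sender if f["dst"] == vmac)
    seen = sum(1 for f in master if f["dst"] == vmac)
    if sent and not seen:
        verdict = "frames to the virtual MAC never reach the master's capture point"
    elif sent:
        verdict = "frames to the virtual MAC arrive on the master"
    else:
        verdict = "sender never addressed the virtual MAC"
    return {"virtual_mac": vmac, "master_advertises": advertised,
            "sent": sent, "seen_on_master": seen, "verdict": verdict}

# Captures copied from the thread (test3 on vr3, test1 on sis4).
TEST3_VR3 = """\
listening on vr3, link-type EN10MB (Ethernet), capture size 96 bytes
12:09:35.121831 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
  ethertype ARP (0x0806), length 60:
  Request who-has 10.4.0.1 tell 10.4.0.4, length 46
12:09:35.122144 00:00:24:c3:49:91 > 00:00:24:c9:30:ff,
  ethertype ARP (0x0806), length 60:
  Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 46
12:09:35.122173 00:00:24:c9:30:ff > 00:00:5e:00:01:68,
  ethertype IPv4 (0x0800), length 98:
  10.4.0.4 > 10.4.0.1: ICMP echo request,
  id 40482, seq 0, length 64
"""
TEST1_SIS4 = """\
listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes
12:09:34.977570 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
  ethertype ARP (0x0806), length 60:
  Request who-has 10.4.0.1 tell 10.4.0.4, length 46
12:09:34.977705 00:00:24:c3:49:91 > 00:00:24:c9:30:ff,
  ethertype ARP (0x0806), length 42:
  Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 28
"""

if __name__ == "__main__":
    print(diagnose(104, TEST3_VR3, TEST1_SIS4))
```

A result of this kind does not by itself separate a switch that learned the virtual MAC on another port from a NIC receive filter that drops it; the cross-cable test on sis3 described elsewhere in the thread is what takes the switch out of the picture.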


Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE

2011-01-16 Thread Paul Schenkeveld
Hi,

Trying to upgrade two Soekris firewalls to 8-STABLE or 8.2-PRERELEASE
it appears that carp doesn't work at all.  I've set up carp like I've
done on many firewall pairs before and they all work correctly.  With
google, nor in the mailing lists, I could find anything about changes
in the way carp gets configured but if I missed something I'd be happy
to hear that it's my fault.

Here's the setup:

                 net5501
                  test3
               10.4.0.4/24
                    |
         -----------+-----------
         |                     |
      net4801               net4801
       test1                 test2
 sis4: 10.4.0.2/24     sis4: 10.4.0.3/24
 carp4:10.4.0.1/24     carp4:10.4.0.1/24
   |   |   |   |         |   |   |   |
   |   |   |   |         |   |   |   |
   sis[0-3] connected to other networks, see
   explanation below.

When I ping from test3 to 10.4.0.1, I see the following traffic using
tcpdump:

test3 # tcpdump -e -n -i vr3 not vrrp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr3, link-type EN10MB (Ethernet), capture size 96 bytes
12:09:35.121831 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
ethertype ARP (0x0806), length 60:
Request who-has 10.4.0.1 tell 10.4.0.4, length 46
12:09:35.122144 00:00:24:c3:49:91 > 00:00:24:c9:30:ff,
ethertype ARP (0x0806), length 60:
Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 46
12:09:35.122173 00:00:24:c9:30:ff > 00:00:5e:00:01:68,
ethertype IPv4 (0x0800), length 98:
10.4.0.4 > 10.4.0.1: ICMP echo request,
id 40482, seq 0, length 64

test1 # tcpdump -e -n -i sis4 not vrrp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes
12:09:34.977570 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
ethertype ARP (0x0806), length 60:
Request who-has 10.4.0.1 tell 10.4.0.4, length 46
12:09:34.977705 00:00:24:c3:49:91 > 00:00:24:c9:30:ff,
ethertype ARP (0x0806), length 42:
Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 28

test2 # dump -e -n -i sis4 not vrrp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes
12:09:35.090050 00:00:24:c9:30:ff > ff:ff:ff:ff:ff:ff,
ethertype ARP (0x0806), length 60:
Request who-has 10.4.0.1 tell 10.4.0.4, length 46

There is an ARP request which is replied to by the carp master (test).
the ping to the carp address does not even appear on the sis4 interface
of test1.

This is the kernel config for test1 and test2:

include GENERIC
device  carp
makeoptions MODULES_OVERRIDE=""

The relevant rc.conf bits:

on test1
hostname="test1"
cloned_interfaces="carp1 carp2 carp3 carp4"
ifconfig_sis0="xxx.xxx.xxx.41/26"
ifconfig_sis1="10.1.0.2/24"
ifconfig_sis2="10.2.0.2/24"
ifconfig_sis3="10.3.0.2/24"
ifconfig_sis4="10.4.0.2/24"
ifconfig_carp1="10.1.0.1/24 vhid 101 pass abcd1234 advskew   0"
ifconfig_carp2="10.2.0.1/24 vhid 102 pass abcd1234 advskew   0"
ifconfig_carp3="10.3.0.1/24 vhid 103 pass abcd1234 advskew   0"
ifconfig_carp4="10.4.0.1/24 vhid 104 pass abcd1234 advskew   0"

on test2
hostname="test2"
cloned_interfaces="carp1 carp2 carp3 carp4"
ifconfig_sis0="xxx.xxx.xxx.42/26"
ifconfig_sis1="10.1.0.3/24"
ifconfig_sis2="10.2.0.3/24"
ifconfig_sis3="10.3.0.3/24"
ifconfig_sis4="10.4.0.3/24"
ifconfig_carp1="10.1.0.1/24 vhid 101 pass abcd1234 advskew 100"
ifconfig_carp2="10.2.0.1/24 vhid 102 pass abcd1234 advskew 100"
ifconfig_carp3="10.3.0.1/24 vhid 103 pass abcd1234 advskew 100"
ifconfig_carp4="10.4.0.1/24 vhid 104 pass abcd1234 advskew 100"

In /etc/sysctl.conf:
net.inet.carp.preempt=1

Ifconfig output:

test1 # ifconfig sis4
sis4: flags=8943 metric 0 mtu 
1500
options=83808
ether 00:00:24:c3:49:91
inet 10.4.0.2 netmask 0xff00 broadcast 10.4.0.255
media: Ethernet autoselect (100baseTX )
status: active
test1 # ifconfig carp4
carp4: flags=49 metric 0 mtu 1500
inet 10.4.0.1 netmask 0xff00
carp: MASTER vhid 104 advbase 1 advskew 0

test2 # ifconfig sis4
sis4: flags=8943 metric 0 mtu 
1500
options=83808
ether 00:00:24:c3:49:7d
inet 10.4.0.3 netmask 0xff00 broadcast 10.4.0.255
media: Ethernet autoselect (100baseTX )
status: active
test2 # ifconfig carp4
carp4: flags=49 metric 0 mtu 1500
inet 10.4.0.1 netmask 0xff00
carp: BACKUP vhid 104 advbase 1 advskew 100

There are no packet filters in place, sis1, sis2 and sis3 are wired
through cross-cables fro