strange issue with carp interface aliases
Hi,

We have 2 FreeBSD machines running as a firewall in a CARP+pf+pfsync setup.
Worked great, however, today I noticed something weird.

I had to reboot the master machine, and when it came back ... one of the CARP addresses no longer worked.

Looking in the logs, I got

    carp4: incorrect hash

And looking at the carp interface, both machines were running MASTER for this interface.

Looking closer, I noticed my primary machine had this configuration:

    carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            inet 213.206.xx.62 netmask 0xfff0
            inet 213.206.xx.49 netmask 0xfff0
            carp: MASTER vhid 4 advbase 1 advskew 100

and my secondary:

    carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
            inet 213.206.xx.49 netmask 0xfff0
            inet 213.206.xx.62 netmask 0xfff0
            carp: MASTER vhid 4 advbase 1 advskew 100

It swapped the carp alias (213.206.xx.62) to be the first address on the interface.
This was the only interface where it happened.

The config:

primary:

    ##
    defaultrouter="213.206.yy.193"
    hostname="fw01.xxx.yyy"
    cloned_interfaces="carp0 carp1 carp2 carp3 carp4 carp5 carp6 carp7 carp8 carp9 carp10 carp11 carp12 carp13 carp14 carp15 carp16 carp17 carp18 carp19 carp20 carp21 carp22 carp23 carp24 carp25 carp26 carp27 carp28"
    ifconfig_bge0="inet 213.206.yy.194 netmask 255.255.255.240"
    ifconfig_bge1="inet 213.206.xx.2 netmask 255.255.255.240"
    ifconfig_bge1_alias0="inet 213.206.xx.18 netmask 255.255.255.240"
    ifconfig_bge1_alias1="inet 213.206.xx.34 netmask 255.255.255.240"
    ifconfig_bge1_alias2="inet 213.206.xx.50 netmask 255.255.255.240"
    ifconfig_bge1_alias3="inet 213.206.xx.66 netmask 255.255.255.240"
    ifconfig_bge1_alias4="inet 213.206.xx.82 netmask 255.255.255.240"
    etc,etc
    ifconfig_carp0="vhid 255 pass blubVIP0255 213.206.yy.206/28"
    ifconfig_carp1="vhid 1 pass blubVIP0001 213.206.xx.1/28"
    ifconfig_carp2="vhid 2 pass blubVIP0002 213.206.xx.17/28"
    ifconfig_carp2_alias0="vhid 2 pass blubVIP0002 213.206.xx.30/28"
    ifconfig_carp3="vhid 3 pass blubVIP0003 213.206.xx.33/28"
    ifconfig_carp4="vhid 4 pass blubVIP0004 213.206.xx.49/28"
    ifconfig_carp4_alias0="vhid 4 pass blubVIP0004 213.206.xx.62/28"
    ifconfig_carp5="vhid 5 pass blubVIP0005 213.206.xx.65/28"
    ifconfig_carp6="vhid 6 pass blubVIP0006 213.206.xx.81/28"
    ##

secondary:

    ##
    defaultrouter="213.206.yy.193"
    hostname="fw02.xxx.yyy"
    cloned_interfaces="carp0 carp1 carp2 carp3 carp4 carp5 carp6 carp7 carp8 carp9 carp10 carp11 carp12 carp13 carp14 carp15 carp16 carp17 carp18 carp19 carp20 carp21 carp22 carp23 carp24 carp25 carp26 carp27 carp28"
    ifconfig_bge0="inet 213.206.yy.195 netmask 255.255.255.240"
    ifconfig_bge1="inet 213.206.xx.3 netmask 255.255.255.240"
    ifconfig_bge1_alias0="inet 213.206.xx.19 netmask 255.255.255.240"
    ifconfig_bge1_alias1="inet 213.206.xx.35 netmask 255.255.255.240"
    ifconfig_bge1_alias2="inet 213.206.xx.51 netmask 255.255.255.240"
    ifconfig_bge1_alias3="inet 213.206.xx.67 netmask 255.255.255.240"
    ifconfig_bge1_alias4="inet 213.206.xx.83 netmask 255.255.255.240"
    etc,etc
    ifconfig_carp0="vhid 255 advskew 100 pass blubVIP0255 213.206.yy.206/28"
    ifconfig_carp1="vhid 1 advskew 100 pass blubVIP0001 213.206.xx.1/28"
    ifconfig_carp2="vhid 2 advskew 100 pass blubVIP0002 213.206.xx.17/28"
    ifconfig_carp2_alias0="vhid 2 advskew 100 pass blubVIP0002 213.206.xx.30/28"
    ifconfig_carp3="vhid 3 advskew 100 pass blubVIP0003 213.206.xx.33/28"
    ifconfig_carp4="vhid 4 advskew 100 pass blubVIP0004 213.206.xx.49/28"
    ifconfig_carp4_alias0="vhid 4 advskew 100 pass blubVIP0004 213.206.xx.62/28"
    ifconfig_carp5="vhid 5 advskew 100 pass blubVIP0005 213.206.xx.65/28"
    ifconfig_carp6="vhid 6 advskew 100 pass blubVIP0006 213.206.xx.81/28"
    ##

After rebooting the secondary, it still gave me incorrect hash.
But, it gave me the same thing on carp2 now.

... however, here the secondary had the carp2_alias0 listed as first, whereas the primary had the carp2 as first, and the carp2_alias0 as second address.

How can this ever happen?
Now I'm redundant but I must pray that the addresses will come up in the same order.

Never had this issue on FreeBSD 6.x(p*)-RELEASE, but now I'm running FreeBSD 7.0-RELEASE.

Help! :)

Kind regards,

Wouter de Jong
The Netherlands

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: strange issue with carp interface aliases
On Friday, 07.03.2008, at 18:45 +0100, Wouter de Jong wrote:

> Hi,
>
> We have 2 FreeBSD machines running as a firewall in a CARP+pf+pfsync setup.
> Worked great, however, today I noticed something weird.
>
> I had to reboot the master machine, and when it came back ... one of the CARP addresses no longer worked.
>
> Looking in the logs, I got
>
>     carp4: incorrect hash
>
> And looking at the carp interface, both machines were running MASTER for this interface.
>
> Looking closer, I noticed my primary machine had this configuration:
>
>     carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
>             inet 213.206.xx.62 netmask 0xfff0
>             inet 213.206.xx.49 netmask 0xfff0
>             carp: MASTER vhid 4 advbase 1 advskew 100
>
> and my secondary:
>
>     carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
>             inet 213.206.xx.49 netmask 0xfff0
>             inet 213.206.xx.62 netmask 0xfff0
>             carp: MASTER vhid 4 advbase 1 advskew 100
>
> It swapped the carp alias (213.206.xx.62) to be the first address on the interface.
> This was the only interface where it happened.
>
> The config:
>
> primary:
>
>     ##
>     defaultrouter="213.206.yy.193"
>     hostname="fw01.xxx.yyy"
>     cloned_interfaces="carp0 carp1 carp2 carp3 carp4 carp5 carp6 carp7 carp8 carp9 carp10 carp11 carp12 carp13 carp14 carp15 carp16 carp17 carp18 carp19 carp20 carp21 carp22 carp23 carp24 carp25 carp26 carp27 carp28"
>     ifconfig_bge0="inet 213.206.yy.194 netmask 255.255.255.240"
>     ifconfig_bge1="inet 213.206.xx.2 netmask 255.255.255.240"
>     ifconfig_bge1_alias0="inet 213.206.xx.18 netmask 255.255.255.240"
>     ifconfig_bge1_alias1="inet 213.206.xx.34 netmask 255.255.255.240"
>     ifconfig_bge1_alias2="inet 213.206.xx.50 netmask 255.255.255.240"
>     ifconfig_bge1_alias3="inet 213.206.xx.66 netmask 255.255.255.240"
>     ifconfig_bge1_alias4="inet 213.206.xx.82 netmask 255.255.255.240"
>     etc,etc
>     ifconfig_carp0="vhid 255 pass blubVIP0255 213.206.yy.206/28"
>     ifconfig_carp1="vhid 1 pass blubVIP0001 213.206.xx.1/28"
>     ifconfig_carp2="vhid 2 pass blubVIP0002 213.206.xx.17/28"
>     ifconfig_carp2_alias0="vhid 2 pass blubVIP0002 213.206.xx.30/28"
>     ifconfig_carp3="vhid 3 pass blubVIP0003 213.206.xx.33/28"
>     ifconfig_carp4="vhid 4 pass blubVIP0004 213.206.xx.49/28"
>     ifconfig_carp4_alias0="vhid 4 pass blubVIP0004 213.206.xx.62/28"
>     ifconfig_carp5="vhid 5 pass blubVIP0005 213.206.xx.65/28"
>     ifconfig_carp6="vhid 6 pass blubVIP0006 213.206.xx.81/28"
>     ##
>
> secondary:
>
>     ##
>     defaultrouter="213.206.yy.193"
>     hostname="fw02.xxx.yyy"
>     cloned_interfaces="carp0 carp1 carp2 carp3 carp4 carp5 carp6 carp7 carp8 carp9 carp10 carp11 carp12 carp13 carp14 carp15 carp16 carp17 carp18 carp19 carp20 carp21 carp22 carp23 carp24 carp25 carp26 carp27 carp28"
>     ifconfig_bge0="inet 213.206.yy.195 netmask 255.255.255.240"
>     ifconfig_bge1="inet 213.206.xx.3 netmask 255.255.255.240"
>     ifconfig_bge1_alias0="inet 213.206.xx.19 netmask 255.255.255.240"
>     ifconfig_bge1_alias1="inet 213.206.xx.35 netmask 255.255.255.240"
>     ifconfig_bge1_alias2="inet 213.206.xx.51 netmask 255.255.255.240"
>     ifconfig_bge1_alias3="inet 213.206.xx.67 netmask 255.255.255.240"
>     ifconfig_bge1_alias4="inet 213.206.xx.83 netmask 255.255.255.240"
>     etc,etc
>     ifconfig_carp0="vhid 255 advskew 100 pass blubVIP0255 213.206.yy.206/28"
>     ifconfig_carp1="vhid 1 advskew 100 pass blubVIP0001 213.206.xx.1/28"
>     ifconfig_carp2="vhid 2 advskew 100 pass blubVIP0002 213.206.xx.17/28"
>     ifconfig_carp2_alias0="vhid 2 advskew 100 pass blubVIP0002 213.206.xx.30/28"
>     ifconfig_carp3="vhid 3 advskew 100 pass blubVIP0003 213.206.xx.33/28"
>     ifconfig_carp4="vhid 4 advskew 100 pass blubVIP0004 213.206.xx.49/28"
>     ifconfig_carp4_alias0="vhid 4 advskew 100 pass blubVIP0004 213.206.xx.62/28"
>     ifconfig_carp5="vhid 5 advskew 100 pass blubVIP0005 213.206.xx.65/28"
>     ifconfig_carp6="vhid 6 advskew 100 pass blubVIP0006 213.206.xx.81/28"
>     ##
>
> After rebooting the secondary, it still gave me incorrect hash.
> But, it gave me the same thing on carp2 now.
>
> ... however, here the secondary had the carp2_alias0 listed as first, whereas the primary had the carp2 as first, and the carp2_alias0 as second address.
>
> How can this ever happen?
> Now I'm redundant but I must pray that the addresses will come up in the same order.
>
> Never had this issue on FreeBSD 6.x(p*)-RELEASE, but now I'm running FreeBSD 7.0-RELEASE.
>
> Help! :)
>
> Kind regards,
>
> Wouter de Jong
> The Netherlands

Same happened to me :-/
But with 6.3-p* and 7.0 ... No idea yet.
Any help is welcome :-)

Thx
Norman
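A consistency check for the symptom reported in this thread, added here as an example and not part of any poster's message: it parses ifconfig output from both firewalls and flags carp interfaces whose addresses are listed in a different order or that are MASTER on both nodes. The sample output is constructed from the thread's listing, the function names are this example's own, and it assumes that the order of addresses on a carp interface feeds into the advertisement hash.

```python
import re

# Constructed samples modelled on the thread's ifconfig output (not captured data).
PRIMARY = """\
carp3: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 213.206.xx.33 netmask 0xfff0
        carp: MASTER vhid 3 advbase 1 advskew 0
carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 213.206.xx.62 netmask 0xfff0
        inet 213.206.xx.49 netmask 0xfff0
        carp: MASTER vhid 4 advbase 1 advskew 100
"""
SECONDARY = """\
carp3: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 213.206.xx.33 netmask 0xfff0
        carp: BACKUP vhid 3 advbase 1 advskew 100
carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 213.206.xx.49 netmask 0xfff0
        inet 213.206.xx.62 netmask 0xfff0
        carp: MASTER vhid 4 advbase 1 advskew 100
"""

def parse_carp(text):
    """Map carpN -> {'addrs': inet addresses in listed order, 'state': str}."""
    out, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+?):\s", line)
        if head:  # start of an interface block; only carpN blocks are tracked
            carp = re.fullmatch(r"carp\d+", head.group(1))
            cur = out.setdefault(carp.group(0), {"addrs": [], "state": None}) if carp else None
        elif cur is not None:
            if m := re.match(r"\s+inet\s+(\S+)", line):
                cur["addrs"].append(m.group(1))
            elif m := re.match(r"\s+carp:\s+(\S+)\s+vhid", line):
                cur["state"] = m.group(1)
    return out

def compare(primary, secondary):
    """List (ifname, problem); 'address-order' is assumed to change the CARP hash."""
    findings = []
    for name in sorted(primary.keys() & secondary.keys(), key=lambda n: int(n[4:])):
        a, b = primary[name], secondary[name]
        if a["addrs"] != b["addrs"]:
            same_set = sorted(a["addrs"]) == sorted(b["addrs"])
            findings.append((name, "address-order" if same_set else "address-set"))
        if a["state"] == b["state"] == "MASTER":
            findings.append((name, "dual-master"))
    return findings

print(compare(parse_carp(PRIMARY), parse_carp(SECONDARY)))
```

Feeding it the saved `ifconfig` output of each node after a reboot shows which vhids need attention before a failover is relied upon.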
Interface aliases
I know that I can put at least 65,000 aliases on an interface using ifconfig alias. What kind of effect does this have on the system load-wise?
Re: Interface aliases
John Oxley wrote:
> I know that I can put at least 65,000 aliases on an interface using ifconfig alias. What kind of effect does this have on the system load-wise?

Benchmark it yourself, it will depend on your hardware and your workload.

As a general rule, you should have one IP per NIC. Putting thousands of IP addresses on a single box is a misuse of limited IP space, unless you are using RFC-1918 addresses. What is the actual problem you are trying to solve?

--
-Chuck
Re: Interface aliases
> As a general rule, you should have one IP per NIC. Putting thousands of IP addresses on a single box is a misuse of limited IP space, unless you are using RFC-1918 addresses. What is the actual problem you are trying to solve?

That is not true. As a web hosting company, you may want to have one IP per web site (to allow SSL for example) but all hosting on a single machine.

Olivier
Re: Interface aliases
Olivier Nicole wrote:
>> As a general rule, you should have one IP per NIC. Putting thousands of IP addresses on a single box is a misuse of limited IP space, unless you are using RFC-1918 addresses. What is the actual problem you are trying to solve?
>
> That is not true. As a web hosting company, you may want to have one IP per web site (to allow SSL for example) but all hosting on a single machine.

There exist some exceptions to the generalization above. You've mentioned a possibility, although I would also seriously question whether a single webserver with hundreds or thousands of distinct SSL sites on it is really a good idea.

--
-Chuck
interface aliases with the fxp driver
While setting up a server with several IP addresses on the same interface, we noticed something a bit odd.

When we add the new IP address with the command

    ifconfig fxp0 alias 192.168.12.100 netmask 255.255.255.255

We can ping the address and all seems well at first. Then apparently the other machines' ARP caches time out, and the 192.168.12.100 IP address is no longer reachable on the LAN. tcpdump confirms that the server is not responding to ARP requests.

Adding the arp keyword to the ifconfig command seems to fix things.

    ifconfig fxp0 alias arp 192.168.12.100 netmask 255.255.255.255

Works as we'd expect.

This was observed on 4.9-RELEASE and 4.10-STABLE. I've not tried it on boxes with other kinds of Ethernet cards yet.

Is this normal, or a bug in the fxp driver?

Thanks!

--Chris