[pfSense] CARP Demotion Not Working
Hi List, I'm having an issue with CARP preempt. I have two pfSense machines running 2.4.1-RELEASE. CARP fails over all individual IPs correctly, but doesn't preempt correctly in the case of a single failure. On both machines, I've checked that net.inet.carp.preempt is enabled. The master appears to be detecting the demotion, as it sets net.inet.carp.demotion to 240 during a failure, but ifconfig still reports advskew as 0. I'm not 100% sure if that number should update, or if the demotion number is added to the advskew reported by ifconfig. Relevent sysctl, ifconfig, and log output taken from the master firewall during a failure is attached. Any help is greatly appreciated! --- Thanks, Andrew Kester The Storehouse https://sthse.co em0: flags=8943metric 0 mtu 1500 options=209b ether 3e:4c:88:b9:f1:39 hwaddr 3e:4c:88:b9:f1:39 inet6 fe80::3c4c:88ff:feb9:f139%em0 prefixlen 64 scopeid 0x1 inet [...] netmask 0xfc00 broadcast [...] inet [...] netmask 0xfc00 broadcast [...] vhid 2 inet [...] netmask 0xfc00 broadcast [...] vhid 3 inet [...] netmask 0xfc00 broadcast [...] vhid 4 nd6 options=21 media: Ethernet autoselect (1000baseT ) status: active carp: MASTER vhid 2 advbase 1 advskew 0 carp: MASTER vhid 3 advbase 1 advskew 0 carp: MASTER vhid 4 advbase 1 advskew 0Nov 1 15:15:38 check_reload_status Carp backup event Nov 1 15:15:38 kernel carp: 6@em4: MASTER -> INIT (hardware interface down) Nov 1 15:15:38 kernel carp: demoted by 240 to 240 (interface down) Nov 1 15:15:38 kernel em4: link state changed to DOWN Nov 1 15:15:38 check_reload_status Linkup starting em4 Nov 1 15:15:39 php-fpm 861 /rc.carpbackup: HA cluster member “([…]@em4): (OFFICE)" has resumed CARP state "BACKUP" for vhid 6 Nov 1 15:15:39 php-fpm 861 /rc.linkup: Hotplug event detected for OFFICE(opt3) static IP ([…]) Nov 1 15:15:39 check_reload_status Reloading filternet.inet.carp.ifdown_demotion_factor: 240 net.inet.carp.senderr_demotion_factor: 0 net.inet.carp.demotion: 240 net.inet.carp.log: 1 net.inet.carp.preempt: 1 net.inet.carp.allow: 1 net.pfsync.carp_demotion_factor: 0___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] malformed packets
Sorry about my intemperance, to all. And i'm glad to be out of chicago, and in longmont co where the gig fiber's run by the city. mad.scientist.at.large (a good madscientist) -- 1. Nov 2017 08:17 by ryan.cole...@cwis.biz: > Look, dude, I saw two different signatures in two emails. Given that piece of > information you would have come up with the same thing. > > We’re not in disagreement on thought. I wasn’t replying to YOU I was actually > defending you… but, hey, Chicago? I’ll gladly take my bribe in Burboun County > Stout 2014 kegs and Maxwell Street polishes please. > :) > > vote early and often > > >> On Oct 31, 2017, at 6:33 PM, >> mad.scientist.at.la...@tutanota.com>> wrote: >> >> easilly done, non need to get nasty, just because you can't admit a >> mistake. it's entirely acceptable on most list, if it isn't here a gentle >> nudge from an admin is more than sufficient, on the other hand, personal >> attacks are rarely tolerated and demonstrate a juvenile attitude. i'm 54, >> born in chicago, my father was mayor in the suburbs, i know how politics >> works, and i know some have become rabid. p.s. it's not a cycling file, >> it's a manually changed sig, but hey, go buy some tiki torches if it makes >> you feel better. > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! > https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] malformed packets
Look, dude, I saw two different signatures in two emails. Given that piece of information you would have come up with the same thing. We’re not in disagreement on thought. I wasn’t replying to YOU I was actually defending you… but, hey, Chicago? I’ll gladly take my bribe in Burboun County Stout 2014 kegs and Maxwell Street polishes please. :) vote early and often > On Oct 31, 2017, at 6:33 PM, mad.scientist.at.la...@tutanota.com wrote: > > easilly done, non need to get nasty, just because you can't admit a mistake. > it's entirely acceptable on most list, if it isn't here a gentle nudge from > an admin is more than sufficient, on the other hand, personal attacks are > rarely tolerated and demonstrate a juvenile attitude. i'm 54, born in > chicago, my father was mayor in the suburbs, i know how politics works, and i > know some have become rabid. p.s. it's not a cycling file, it's a manually > changed sig, but hey, go buy some tiki torches if it makes you feel better. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] malformed packets
No forum is inappropriate for a signature line of defiance. It runs to the very core of the open source mentality. Go mad.scientist. On Tue, Oct 31, 2017 at 7:33 PM,wrote: > easilly done, non need to get nasty, just because you can't admit a > mistake. it's entirely acceptable on most list, if it isn't here a gentle > nudge from an admin is more than sufficient, on the other hand, personal > attacks are rarely tolerated and demonstrate a juvenile attitude. i'm 54, > born in chicago, my father was mayor in the suburbs, i know how politics > works, and i know some have become rabid. p.s. it's not a cycling file, > it's a manually changed sig, but hey, go buy some tiki torches if it makes > you feel better. > > mad.scientist.at.large (a good madscientist) > -- > > > > 31. Oct 2017 14:51 by ryan.cole...@cwis.biz: > > > > I concur but having checked out his previous posts… he has a cycling > signature file with quotes… > > > > Aside from saying “adios” to this user there’s not a whole lot that > could be done about that specific idiocracy. > > > >> > >> > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- MADSEN, KNEPPERS & ASSOCIATES USA WARNING/CONFIDENTIALITY NOTICE: This message may be confidential and/or privileged. If you are not the intended recipient, please notify the sender immediately then delete it - you should not copy or use it for any purpose or disclose its content to any other person. Internet communications are not secure. You should scan this message and any attachments for viruses. Any unauthorized use or interception of this e-mail is illegal. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold