[pfSense] CARP Demotion Not Working

[Andrew Kester]

Hi List,

I'm having an issue with CARP preempt.  I have two pfSense machines 
running 2.4.1-RELEASE.  CARP fails over all individual IPs correctly, 
but doesn't preempt correctly in the case of a single failure.


On both machines, I've checked that net.inet.carp.preempt is enabled. 
The master appears to be detecting the demotion, as it sets 
net.inet.carp.demotion to 240 during a failure, but ifconfig still 
reports advskew as 0.


I'm not 100% sure if that number should update, or if the demotion 
number is added to the advskew reported by ifconfig.


Relevent sysctl, ifconfig, and log output taken from the master firewall 
during a failure is attached.


Any help is greatly appreciated!

---
Thanks,

Andrew Kester
The Storehouse
https://sthse.co
em0: flags=8943 metric 0 mtu 
1500

options=209b
ether 3e:4c:88:b9:f1:39
hwaddr 3e:4c:88:b9:f1:39
inet6 fe80::3c4c:88ff:feb9:f139%em0 prefixlen 64 scopeid 0x1 
inet [...] netmask 0xfc00 broadcast [...]
inet [...] netmask 0xfc00 broadcast [...] vhid 2 
inet [...] netmask 0xfc00 broadcast [...] vhid 3 
inet [...] netmask 0xfc00 broadcast [...] vhid 4 
nd6 options=21
media: Ethernet autoselect (1000baseT )
status: active
carp: MASTER vhid 2 advbase 1 advskew 0
carp: MASTER vhid 3 advbase 1 advskew 0
carp: MASTER vhid 4 advbase 1 advskew 0Nov 1 15:15:38  check_reload_status Carp backup event
Nov 1 15:15:38  kernel  carp: 6@em4: MASTER -> INIT 
(hardware interface down)
Nov 1 15:15:38  kernel  carp: demoted by 240 to 240 
(interface down)
Nov 1 15:15:38  kernel  em4: link state changed to DOWN
Nov 1 15:15:38  check_reload_status Linkup starting em4
Nov 1 15:15:39  php-fpm 861 /rc.carpbackup: HA cluster 
member “([…]@em4): (OFFICE)" has resumed CARP state "BACKUP" for vhid 6
Nov 1 15:15:39  php-fpm 861 /rc.linkup: Hotplug event 
detected for OFFICE(opt3) static IP ([…])
Nov 1 15:15:39  check_reload_status Reloading filternet.inet.carp.ifdown_demotion_factor: 240
net.inet.carp.senderr_demotion_factor: 0
net.inet.carp.demotion: 240
net.inet.carp.log: 1
net.inet.carp.preempt: 1
net.inet.carp.allow: 1
net.pfsync.carp_demotion_factor: 0___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] malformed packets

[mad.scientist.at.large]

Sorry about my intemperance, to all.  And i'm glad to be out of chicago, and in 
longmont co where the gig fiber's run by the city.

mad.scientist.at.large (a good madscientist)
--

1. Nov 2017 08:17 by ryan.cole...@cwis.biz:


> Look, dude, I saw two different signatures in two emails. Given that piece of 
> information you would have come up with the same thing.
>
> We’re not in disagreement on thought. I wasn’t replying to YOU I was actually 
> defending you… but, hey, Chicago? I’ll gladly take my bribe in Burboun County 
> Stout 2014 kegs and Maxwell Street polishes please.
> :)
>
> vote early and often
>
>
>> On Oct 31, 2017, at 6:33 PM, >> mad.scientist.at.la...@tutanota.com>>  wrote:
>>
>> easilly done, non need to get nasty, just  because you can't admit a 
>> mistake.  it's entirely acceptable on most list, if it isn't here a gentle 
>> nudge from an admin is more than sufficient, on the other hand, personal 
>> attacks are rarely tolerated and demonstrate a juvenile attitude.  i'm 54, 
>> born in chicago, my father was mayor in the suburbs, i know how politics 
>> works, and i know some have become rabid.  p.s. it's not a cycling file, 
>> it's a manually changed sig, but hey, go buy some tiki torches if it makes 
>> you feel better.
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! > https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] malformed packets

[Ryan Coleman]

Look, dude, I saw two different signatures in two emails. Given that piece of 
information you would have come up with the same thing.

We’re not in disagreement on thought. I wasn’t replying to YOU I was actually 
defending you… but, hey, Chicago? I’ll gladly take my bribe in Burboun County 
Stout 2014 kegs and Maxwell Street polishes please.
:)

vote early and often


> On Oct 31, 2017, at 6:33 PM, mad.scientist.at.la...@tutanota.com wrote:
> 
> easilly done, non need to get nasty, just  because you can't admit a mistake. 
>  it's entirely acceptable on most list, if it isn't here a gentle nudge from 
> an admin is more than sufficient, on the other hand, personal attacks are 
> rarely tolerated and demonstrate a juvenile attitude.  i'm 54, born in 
> chicago, my father was mayor in the suburbs, i know how politics works, and i 
> know some have become rabid.  p.s. it's not a cycling file, it's a manually 
> changed sig, but hey, go buy some tiki torches if it makes you feel better.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] malformed packets

[Edward O. Holcroft]

No forum is inappropriate for a signature line of defiance. It runs to the
very core of the open source mentality. Go mad.scientist.

On Tue, Oct 31, 2017 at 7:33 PM, 
wrote:

> easilly done, non need to get nasty, just  because you can't admit a
> mistake.  it's entirely acceptable on most list, if it isn't here a gentle
> nudge from an admin is more than sufficient, on the other hand, personal
> attacks are rarely tolerated and demonstrate a juvenile attitude.  i'm 54,
> born in chicago, my father was mayor in the suburbs, i know how politics
> works, and i know some have become rabid.  p.s. it's not a cycling file,
> it's a manually changed sig, but hey, go buy some tiki torches if it makes
> you feel better.
>
> mad.scientist.at.large (a good madscientist)
> --
>
>
>
> 31. Oct 2017 14:51 by ryan.cole...@cwis.biz:
>
>
> > I concur but having checked out his previous posts… he has a cycling
> signature file with quotes…
> >
> > Aside from saying “adios” to this user there’s not a whole lot that
> could be done about that specific idiocracy.
> >
> >>
> >>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>

-- 
MADSEN, KNEPPERS & ASSOCIATES USA WARNING/CONFIDENTIALITY NOTICE: This 
message may be confidential and/or privileged. If you are not the intended 
recipient, please notify the sender immediately then delete it - you should 
not copy or use it for any purpose or disclose its content to any other 
person. Internet communications are not secure. You should scan this 
message and any attachments for viruses. Any unauthorized use or 
interception of this e-mail is illegal.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold