CARP and network weirdness

2008-06-17 Thread Renaud Allard 
Hello,

I have two servers running OpenBSD 4.3-stable amd64, both sharing one IP 
using CARP with load balancing using ip-stealth. (using balancing ip 
without stealth just doesn't work at all and overloads the network)

# cat /etc/hostname.carp0 
 

inet 206.251.244.96 255.255.255.0 NONE pass strongpass carpdev rl0 
carpnodes 194:100,196:0 balancing ip-stealth

# sysctl net.inet.carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=0

The firewall in front of my hosts is OpenBSD too, but I don't have 
control over it.

If I do a tcptraceroute on port 443 to my CARP ip, I get at the end 
something like that:
10  em0.bfw01.m5hosting.com (206.251.227.243)  174.808 ms  4295141.428
ms  175.341 ms
11  frodo.llorien.org (206.251.244.96) [open]  179.551 ms
  servplex.us (206.251.255.77)  175.481 ms !p
  frodo.llorien.org (206.251.244.96)  4294967295665.658 ms

with obviously impossible times and one packet going elsewhere on 
another range.

But if I destroy the CARP interface and use a real one by issuing 
ifconfig rl0 inet alias 206.251.244.96/24 everything works great.
It also works if I do not use balancing, using plain: inet 
206.251.244.96 255.255.255.0 NONE pass strongpass carpdev rl0 vhid 194

So it seems CARP balancing is part of the issue as it works with real 
MAC or no balancing, but I fail to understand what could cause such 
behavior. No one is using the same VHIDs as me, and there is no 
duplicate MAC.

Any explanation is welcome.

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

Re: CARP and network weirdness

2008-06-17 Thread Insan Praja SW 
On Wed, 18 Jun 2008 04:15:52 +0700, Renaud Allard [EMAIL PROTECTED]  
wrote:



Hello,

I have two servers running OpenBSD 4.3-stable amd64, both sharing one IP
using CARP with load balancing using ip-stealth. (using balancing ip
without stealth just doesn't work at all and overloads the network)

# cat /etc/hostname.carp0

inet 206.251.244.96 255.255.255.0 NONE pass strongpass carpdev rl0
carpnodes 194:100,196:0 balancing ip-stealth

# sysctl net.inet.carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=0

The firewall in front of my hosts is OpenBSD too, but I don't have
control over it.

If I do a tcptraceroute on port 443 to my CARP ip, I get at the end
something like that:
10  em0.bfw01.m5hosting.com (206.251.227.243)  174.808 ms  4295141.428
ms  175.341 ms
11  frodo.llorien.org (206.251.244.96) [open]  179.551 ms
  servplex.us (206.251.255.77)  175.481 ms !p
  frodo.llorien.org (206.251.244.96)  4294967295665.658 ms

with obviously impossible times and one packet going elsewhere on
another range.

But if I destroy the CARP interface and use a real one by issuing
ifconfig rl0 inet alias 206.251.244.96/24 everything works great.
It also works if I do not use balancing, using plain: inet
206.251.244.96 255.255.255.0 NONE pass strongpass carpdev rl0 vhid 194

So it seems CARP balancing is part of the issue as it works with real
MAC or no balancing, but I fail to understand what could cause such
behavior. No one is using the same VHIDs as me, and there is no
duplicate MAC.

Any explanation is welcome.

[demime 1.01d removed an attachment of type  
application/x-pkcs7-signature which had a name of smime.p7s]




Hi,
Just sharing my experience with carp and bgp (sorry for hijacking this  
thread :D )
I have problem with carp ip balancing, too.. Its working, actually.. but  
somehow, when downloading via this carp+bgp routers (twins and identical  
actually) they could only pass data about 500kbps, but uploading serves up  
to 50Mbps (on 100Mbit/s links). This is the exact behaviour when there  
some nexthop misconfiguration on the facing router.
So, right now I don't do any balancing yet, just plain old bgp redundancy,  
which, very much more complex than having carp [sigh..].

Thanks,

--
insandotpraja(at)gmaildotcom