Hey all,
I've got a CARP rig running as a firewall pair, and I use preemption
to make sure only one host is master of all links at any given time.
However just now I saw a situation where a single carp interface had
gone to BACKUP and passed across to the other host, while all other
carp interfaces stayed as MASTER on the otherwise 'live' host.
The PF rulesets pass all carp as follows,
pass on {$int_if, $dmz_if, $c1_if, $c2_if} proto carp keep state
and I've read the pflog dump and there are no blocked carp packets in
there. There are also no interface errors identified for the
interfaces by netstat either.
Because carp doesn't log it's state changes etc, I've been writing the
output of ifconfig into a log file every minute, and I can see that
this one interface failed over at a specific time (12:37pm for those
who are interested ;-) ) which matches on both the host that became
backup, and the host that took over as master.
I did notice that net.inet.ip.ifq.drops had grown a bit since the
weekend, so I've upped net.inet.ip.ifq.maxlen to 1024 from its 256
default.
At the moment, both hosts share the same advskew value since I'm not
particular about which is master at any given time (the less switches
the better for me) with the carp interface setup as follows,
carp2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:5e:00:01:1e
carp: MASTER carpdev em1 vhid 30 advbase 3 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:11e%carp2 prefixlen 64 scopeid 0xc
inet 172.16.2.253 netmask 0xff00 broadcast 172.16.2.255
Are there any obvious gotchas that I'm missing here ? Any known
behaviours that I'm not aware of ??
Cheers
Dave
