Heinrich Rebehn wrote:
Hi All,

I am trying to set up a carp'ed pair of firewalls and am fighting with strange CARP behavior.

"frw1" is i386, "frw2" is amd64, but both run i386 OpenBSD 4.2

On each machine I have configured 4 vlans on the sk0 interface.
The carp interfaces are configured on top of the vlan interfaces (see attachments). Note: I had to bring down carp0 manually on frw2 to keep it from confusing our network. Therefore it is shown in INIT state.

What happens:
1. I boot frw1, it becomes MASTER on all carps -> good.
2. I boot frw2, it becomes BACKUP on all carps except carp0, which becomes MASTER -> bad.

Both machines think they're MASTER on carp0.
Since both are complaining about "carp0: incorrect hash" I have double-checked the passwords on both machines, no diff!

I brought carp2 down on frw1 and it immediately failed over to frw2, so CARP in general does work.

Since all traffic is running through the same physical device and the problem is only on one carp interface, I tend to rule out hardware problems.

Googling showed up quite a few posts of people having problems with CARP and the "incorrect hash" message, but none really helped me.

[EMAIL PROTECTED] [/etc] # pfctl -sr | grep carp
pass quick proto carp all no state

[EMAIL PROTECTED] [~] # pfctl -sr | grep carp
pass quick proto carp all no state

Any ideas?


It is really strange: As soon as I have posted the problem to the list, I seem to be able to relax and think better :-)

The solution:

On frw1:
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:0a
        carp: MASTER carpdev vlan0 vhid 10 advbase 1 advskew 0
        groups: carp
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0xa
        inet 134.102.176.250 netmask 0xffffff00 broadcast 134.102.176.255
        inet 134.102.176.202 netmask 0xffffff00 broadcast 134.102.176.255

On frw2:
carp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:0a
        carp: INIT carpdev vlan0 vhid 10 advbase 1 advskew 100
        groups: carp
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0xb
        inet 134.102.176.250 netmask 0xffffff00 broadcast 134.102.176.255

The alias made the difference! On frw1 I had added it in /etc/rc.conf.local because I had difficulties defining it in /etc/hostname.carp0.
This was missing on frw2!

Now it works. Apologies for the noise!

--Heinrich
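
Added example, not part of the original post: the CARP advertisement HMAC covers the vhid and the addresses configured on the carp interface as well as the password, so a missing alias on one node produces "incorrect hash" and a second MASTER. This sketch compares saved `ifconfig` output from both nodes; the function names are hypothetical and the sample text is trimmed from the output shown above.

```python
import re
# Constructed sample input: trimmed from the ifconfig output quoted in the post.
FRW1 = """\
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev vlan0 vhid 10 advbase 1 advskew 0
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0xa
        inet 134.102.176.250 netmask 0xffffff00 broadcast 134.102.176.255
        inet 134.102.176.202 netmask 0xffffff00 broadcast 134.102.176.255
"""
FRW2 = """\
carp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        carp: INIT carpdev vlan0 vhid 10 advbase 1 advskew 100
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0xb
        inet 134.102.176.250 netmask 0xffffff00 broadcast 134.102.176.255
"""

def parse_carp(ifconfig_text):
    """Return {ifname: {"vhid": int, "addrs": set}} for each carp interface."""
    result, current = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:  # start of a new interface block
            name = head.group(1)
            current = None
            if name.startswith("carp"):
                current = result.setdefault(name, {"vhid": None, "addrs": set()})
            continue
        fields = line.split()
        if current is None or not fields:
            continue
        if fields[0] == "carp:" and "vhid" in fields:
            current["vhid"] = int(fields[fields.index("vhid") + 1])
        elif fields[0] in ("inet", "inet6") and len(fields) > 1:
            # Drop the %ifname scope suffix so link-local addresses compare equal.
            current["addrs"].add(fields[1].split("%")[0])
    return result

def carp_mismatches(text_a, text_b):
    """List vhid and address differences that would make the CARP hashes differ."""
    a, b = parse_carp(text_a), parse_carp(text_b)
    problems = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            problems.append(f"{name}: present on one node only")
            continue
        if a[name]["vhid"] != b[name]["vhid"]:
            problems.append(f"{name}: vhid {a[name]['vhid']} vs {b[name]['vhid']}")
        for addr in sorted(a[name]["addrs"] ^ b[name]["addrs"]):
            side = "first" if addr in a[name]["addrs"] else "second"
            problems.append(f"{name}: {addr} only on {side} node")
    return problems
```

Running `carp_mismatches` on output captured from each firewall before enabling the backup flags the missing alias without having to bring up a second MASTER on the live network.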
