Evgeny Yurchenko wrote:
Jim Pingle wrote:
Evgeny Yurchenko wrote:
Yesterday it happened twice on one of my production firewalls. CPU load
was less than 10%. Did not pay attention at the moment but according to
RRD the number of states was not unusual - 4-5k. I reproduced it in my lab -
only test connection, so number of states was less than 100.

When this happens, check the output of "ifconfig -a" on the master when
it won't take back over, see what advskew it is advertising.

There are certain failure states that cause it to set an advskew of 240
regardless of what it is actually configured to be. Figuring out what
caused that, however, can be a bit trickier.

I push quite a lot of traffic through my pfSense boxes and have never
seen them failover in this manner. Nightly backups push just about wire
speed through my CARP pair (100MBit).

Again hit the same situation on production firewall.
All carp interfaces show carp: BACKUP vhid xxx advbase 1 advskew 0 like this:
carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
       inet 10.0.0.244 netmask 0xffffff00
       carp: BACKUP vhid 100 advbase 1 advskew 0

On all interfaces see only partner's packets like this
# tcpdump -ni vlan1 vrrp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan1, link-type EN10MB (Ethernet), capture size 96 bytes
19:11:39.871724 IP 10.0.0.243 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype none, intvl 1s, length 36
19:11:41.264295 IP 10.0.0.243 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype none, intvl 1s, length 36
19:11:42.656753 IP 10.0.0.243 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype none, intvl 1s, length 36
19:11:44.049203 IP 10.0.0.243 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype none, intvl 1s, length 36
19:11:45.441655 IP 10.0.0.243 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype none, intvl 1s, length 36
19:11:46.834109 IP 10.0.0.243 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype none, intvl 1s, length 36
^C

# sysctl net.inet.ip.intr_queue_drops
net.inet.ip.intr_queue_drops: 0
but now there is no load.
If anybody can give any advice I can keep this situation for some time as it is after business hours Friday.
Thanks,
Evgeny.

One more time on different pfSense cluster.
If I pay for support would somebody be able to log in and see what is going on here?
Thanks.
Evgeny.
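
The check Jim Pingle suggests above (read the CARP state and advskew from "ifconfig -a"), as an added example that is not part of the original thread or of pfSense. The function names, the output format and the sample interfaces are assumptions; the carp1 entry with advskew 240 is constructed for illustration.

```shell
#!/bin/sh
# carp_status: read `ifconfig -a` output on stdin and print one line per
# CARP vhid:  <interface> <state> vhid=N advbase=N advskew=N [note]
# Notes: ADVSKEW-240 = the forced value described in the thread,
#        NOT-MASTER  = state is anything other than MASTER.
carp_status() {
    awk '
        # Interface header lines start in column 0, e.g. "carp0: flags=..."
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }
        # Status line, e.g. "carp: BACKUP vhid 100 advbase 1 advskew 0"
        $1 == "carp:" {
            state = $2; vhid = "?"; base = "?"; skew = "?"
            for (i = 3; i < NF; i++) {
                if ($i == "vhid")    vhid = $(i + 1)
                if ($i == "advbase") base = $(i + 1)
                if ($i == "advskew") skew = $(i + 1)
            }
            note = ""
            if (skew == "240")          note = " ADVSKEW-240"
            else if (state != "MASTER") note = " NOT-MASTER"
            printf "%s %s vhid=%s advbase=%s advskew=%s%s\n",
                   iface, state, vhid, base, skew, note
        }
    '
}

# Constructed sample input: carp0 is copied from the thread, em0 and carp1
# are made up to show a non-CARP interface and the advskew 240 case.
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.242 netmask 0xffffff00 broadcast 10.0.0.255
carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 10.0.0.244 netmask 0xffffff00
        carp: BACKUP vhid 100 advbase 1 advskew 0
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 10.0.1.244 netmask 0xffffff00
        carp: BACKUP vhid 101 advbase 1 advskew 240
EOF
}

# Run with --demo to see the sample; on a firewall: ifconfig -a | carp_status
if [ "${1:-}" = "--demo" ]; then
    sample_ifconfig | carp_status
fi
```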

