Hello,
It seems like this question should be addressed to the pfSense kernel
maintainer(s).
I've two firewalls on 2.0-BETA4 with CARP enabled. Until the recent
upgrade everything worked almost perfect.
Now both routers got all CARP devices in MASTER state.
Firewall 1:
vip6: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 192.168.199.1 netmask 0xffffff00
carp: MASTER vhid 6 advbase 2 advskew 100
vip10: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 192.168.0.51 netmask 0xffffff00
carp: MASTER vhid 10 advbase 2 advskew 100
vip12: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 192.168.253.252 netmask 0xffffff00
carp: MASTER vhid 12 advbase 2 advskew 100
#netstat -ssp carp
carp:
92555 packets received (IPv4)
14 discarded for bad authentication
92222 discarded for bad vhid
39869 packets sent (IPv4)
Firewall 2:
vip6: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 192.168.199.1 netmask 0xffffff00
carp: MASTER vhid 6 advbase 1 advskew 0
vip10: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 192.168.0.51 netmask 0xffffff00
carp: MASTER vhid 10 advbase 1 advskew 0
vip12: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 192.168.253.252 netmask 0xffffff00
carp: MASTER vhid 12 advbase 1 advskew 0
#netstat -ssp carp
carp:
39184 packets received (IPv4)
1 discarded for bad authentication
39074 discarded for bad vhid
93005 packets sent (IPv4)
Here is a packet dump:
#tcpdump -nvei re0_vlan5 not tcp and not udp
tcpdump: listening on re0_vlan5, link-type EN10MB (Ethernet), capture
size 96 bytes
20:28:26.227652 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4
(0x0800), length 70: (tos 0x10, ttl 255, id 13532, offset 0, flags [DF],
proto VRRP (112), length 56, bad cksum 0 (->a57a)!)
192.168.0.52 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0,
authtype #128, intvl 1s, length 36, addrs(7):
227.234.177.249,120.162.118.75,40.102.130.17,242.232.0.66,58.203.185.41,64.96.187.4,114.121.226.49
20:28:26.723778 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4
(0x0800), length 70: (tos 0x10, ttl 255, id 13772, offset 0, flags [DF],
proto VRRP (112), length 56)
192.168.0.53 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio
100, authtype #128, intvl 2s, length 36, addrs(7):
227.234.177.249,120.162.117.92,228.194.169.203,197.128.149.181,204.97.168.247,234.48.188.234,14.68.23.250
20:28:27.223192 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4
(0x0800), length 70: (tos 0x10, ttl 255, id 57411, offset 0, flags [DF],
proto VRRP (112), length 56, bad cksum 0 (->fa12)!)
192.168.0.52 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0,
authtype #128, intvl 1s, length 36, addrs(7):
227.234.177.249,120.162.118.76,5.159.71.110,98.90.217.70,117.200.253.191,117.207.179.185,132.131.241.197
20:28:28.218741 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4
(0x0800), length 70: (tos 0x10, ttl 255, id 26425, offset 0, flags [DF],
proto VRRP (112), length 56, bad cksum 0 (->731d)!)
192.168.0.52 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0,
authtype #128, intvl 1s, length 36, addrs(7):
227.234.177.249,120.162.118.77,156.42.80.119,212.10.43.254,52.127.252.175,13.193.236.116,250.186.146.126
20:28:29.115843 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4
(0x0800), length 70: (tos 0x10, ttl 255, id 17830, offset 0, flags [DF],
proto VRRP (112), length 56)
192.168.0.53 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio
100, authtype #128, intvl 2s, length 36, addrs(7):
227.234.177.249,120.162.117.93,134.208.204.108,14.90.209.13,71.169.61.99,222.84.234.186,206.168.118.252
20:28:29.214280 00:00:5e:00:01:0a > 01:00:5e:00:00:12, ethertype IPv4
(0x0800), length 70: (tos 0x10, ttl 255, id 20580, offset 0, flags [DF],
proto VRRP (112), length 56, bad cksum 0 (->89f2)!)
192.168.0.52 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0,
authtype #128, intvl 1s, length 36, addrs(7):
227.234.177.249,120.162.118.78,152.171.173.48,92.93.224.15,236.101.105.252,83.24.68.20,227.104.66.63
Overall picture is the same as it was before the upgrade, except that
each machine now ignores the carp packets.
Did someone make changes in FreeBSD carp subsystem?
--
Thanks,
St41ker.
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
