the tricky thing here is the MAC address. it is 01:00:5e, which mimics Microsoft NLB in "multicast IGMP mode". the first octet, 01, means it is "multicast", which is a very rare case (compared to unicast and broadcast).
most switches treat multicast in the same way as broadcast, i.e. delivering packets to all ports. also, there could be side effects in using multicast in routing mode. be careful with multicast things :-)

2012/10/15 Indunil Jayasooriya <induni...@gmail.com>

> Hi list,
>
> I configured CARP - Active/Active. ( Things work )
>
> I have a question, When Both are Active/Active, Both should work
> simultaneously by balancing traffic.
>
> Am I right ?
>
> But, ifconfig on fw1 says, *status: master * and ifconfig on fw2 says,
> *status: backup
>
> Pls see the output of both fw1 and fw2
> *
>
> *on fw1*
>
> carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 01:00:5e:00:01:01
>         priority: 0
>         carp: carpdev em0 advbase 1 balancing ip
> *                state MASTER vhid 1 advskew 0
>                 state BACKUP vhid 2 advskew 100*
>         groups: carp
> *        status: master*
>         inet6 fe80::a00:27ff:fe05:3294%carp1 prefixlen 64 scopeid 0x7
>         inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
>
> *on fw2
> *
> carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 01:00:5e:00:01:01
>         priority: 0
>         carp: carpdev em0 advbase 1 balancing ip
> *                state BACKUP vhid 1 advskew 100
>                 state MASTER vhid 2 advskew 0*
>         groups: carp
> *        status: backup*
>         inet6 fe80::a00:27ff:fe14:3690%carp1 prefixlen 64 scopeid 0x7
>         inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
>
> Why is that?
>
> When *status is master and backup*, Do these 2 nodes ( fw1 and fw2 ) work
> simultaneously by balancing traffic? and one node goes down, all 100%
> traffic go via running node?
>
> That's What I want to achieve.
>
> Pls let me know.
>
> Here's the HOW TO, I performed.
>
> CARP - Active/Active configuration ( CARP, pfsync, PF and relayd )
>
> ------                   ------
> | fw1 |-em1----------em1-| fw2 |
> +-----+                  +-----+
> em0|                        |em0
>    |                        |
> ---+-------Shared LAN-------+---
>
> fw1
>
> em0 - 192.168.0.10
>
> em1 - 192.168.9.67 ( for pfsync )
>
> fw2
>
> em0 - 192.168.0.11
>
> em1 - 192.168.9.68 ( for pfsync )
>
> carp1 - LAN shared IP: 192.168.0.100
>
> on fw1
>
> # hostname
> fw1.example.com
>
> # cat /etc/hostname.em0
> inet 192.168.0.10 255.255.255.0
>
> # cat /etc/hostname.em1
> inet 192.168.9.67 255.255.255.0
>
> on fw2
>
> # hostname
> fw2.example.com
>
> # cat /etc/hostname.em0
> inet 192.168.0.11 255.255.255.0
>
> # cat /etc/hostname.em1
> inet 192.168.9.68 255.255.255.0
>
> net.inet.ip.forwarding=1 in /etc/sysctl.conf on both fw1 and fw2 with
> below command
>
> sysctl -w net.inet.ip.forwarding=1
>
> Edit net.inet.ip.forwarding=1 in /etc/sysctl.conf file in this way
>
> # less /etc/sysctl.conf |grep net.inet.ip.forwarding=1
> net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
>
> Configure fw1:
>
> ! enable preemption and group interface failover
> # sysctl -w net.inet.carp.preempt=1
>
> Uncomment net.inet.carp.preempt=1 in /etc/sysctl.conf in this way
>
> # less /etc/sysctl.conf |grep net.inet.carp.preempt=1
> net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
>
> ! configure pfsync
> # ifconfig em1 192.168.9.67 netmask 255.255.255.0
> # ifconfig pfsync0 syncdev em1
> # ifconfig pfsync0 up
>
> ! configure CARP on the LAN side
> # ifconfig carp1 create
> # ifconfig carp1 192.168.0.100/24 carpnodes 1:0,2:100 balancing ip \
>     pass lanpasswd
>
> vi /etc/hostname.carp1
>
> inet 192.168.0.100 255.255.255.0 192.168.0.255 carpnodes 1:0,2:100 balancing ip pass lanpasswd
>
> vi /etc/hostname.pfsync0
>
> up syncdev em1
>
> Configure fw2:
>
> ! enable preemption and group interface failover
> # sysctl -w net.inet.carp.preempt=1
>
> Uncomment net.inet.carp.preempt=1 in /etc/sysctl.conf in this way
>
> # less /etc/sysctl.conf |grep net.inet.carp.preempt=1
> net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
>
> ! configure pfsync
> # ifconfig em1 192.168.9.68 netmask 255.255.255.0
> # ifconfig pfsync0 syncdev em1
> # ifconfig pfsync0 up
>
> ! configure CARP on the LAN side
> # ifconfig carp1 create
> # ifconfig carp1 192.168.0.100/24 carpnodes 1:100,2:0 balancing ip \
>     pass lanpasswd
>
> vi /etc/hostname.carp1
>
> inet 192.168.0.100 255.255.255.0 192.168.0.255 carpnodes 1:100,2:0 balancing ip pass lanpasswd
>
> vi /etc/hostname.pfsync0
>
> up syncdev em1
>
> Scp pf.conf and relayd.conf files to fw2 from fw1
>
> # hostname
> fw1.example.com
>
> # cd /etc/
>
> # scp pf.conf relayd.conf root@192.168.0.11:/etc/
> root@192.168.0.11's password:
> pf.conf                          100% 1584     1.6KB/s   00:00
> relayd.conf
>
> Pls run below command on both nodes ( fw1 and fw2 )
>
> # pfctl -f /etc/pf.conf
>
> # relayd
>
> # pfctl -sr
> anchor "relayd/*" all
> pass on em1 proto pfsync all
> pass on em1 proto carp all
> pass on em0 proto carp all
> pass log all flags S/SA
>
> # relayctl show summary
> Id      Type            Name                            Avlblty Status
> 1       relay           www                                     active
> 1       table           servers:80                              active (2 hosts)
> 1       host            192.168.0.66                    2.94%   up
> 2       host            192.168.0.67                    3.92%   up
> 2       relay           smtp                                    active
> 2       table           servers:25                              active (2 hosts)
> 3       host            192.168.0.66                    2.94%   up
> 4       host            192.168.0.67                    3.92%   up
> 3       relay           pop3                                    active
> 3       table           servers:110                             active (2 hosts)
> 5       host            192.168.0.66                    3.92%   up
> 6       host            192.168.0.67                    4.90%   up
>
> =========
>
> Working files
>
> # ls -al /etc/pf.conf
> -rw-------  1 root  wheel  1584 Aug 16 20:10 /etc/pf.conf
>
> # ls -al /etc/relayd.conf
> -rw-------  1 root  wheel  684 Aug 17 13:57 /etc/relayd.conf
>
> # cat /etc/pf.conf
>
> # $OpenBSD: pf.conf,v 1.50 2011/04/28 00:19:42 mikeb Exp $
> #
> # See pf.conf(5) for syntax and examples.
> # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
>
> ext_if="em0"
> pfsync_if="em1"
>
> servers = "{ 192.168.0.66, 192.168.0.67 }"
>
> set skip on lo
>
> # filter rules and anchor for ftp-proxy(8)
> #anchor "ftp-proxy/*"
> #pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021
>
> # anchor for relayd(8)
> anchor "relayd/*"
>
> pass on em1 proto pfsync
> pass on { em0 em1 } proto carp
>
> ##END
>
> pass log # to establish keep-state
>
> # rules for spamd(8)
> #table <spamd-white> persist
> #table <nospamd> persist file "/etc/mail/nospamd"
> #pass in on egress proto tcp from any to any port smtp \
> #    rdr-to 127.0.0.1 port spamd
> #pass in on egress proto tcp from <nospamd> to any port smtp
> #pass in log on egress proto tcp from <spamd-white> to any port smtp
> #pass out log on egress proto tcp to any port smtp
>
> #block in quick from urpf-failed to any # use with care
>
> # By default, do not permit remote connections to X11
> #block in on ! lo0 proto tcp to port 6000:6010
>
> # cat /etc/relayd.conf
>
> # $OpenBSD: relayd.conf,v 1.14 2011/04/07 13:33:52 reyk Exp $
> #
> # Macros
> #
>
> ext_addr="192.168.0.100"
> webhost1="192.168.0.66"
> webhost2="192.168.0.67"
>
> table <servers> { $webhost1 $webhost2 }
>
> relay www {
>         listen on $ext_addr port 80
>         forward to <servers> port 80 mode loadbalance check tcp
>         #forward to <servers> port 80 mode roundrobin check tcp
> }
>
> relay smtp {
>         listen on $ext_addr port 25
>         forward to <servers> port 25 mode loadbalance check tcp
>         #forward to <servers> port 25 mode roundrobin check tcp
> }
>
> relay pop3 {
>         listen on $ext_addr port 110
>         forward to <servers> port 110 mode loadbalance check tcp
>         #forward to <servers> port 110 mode roundrobin check tcp
> }
>
> # hostname
> fw1.example.com
>
> # ifconfig
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33152
>         priority: 0
>         groups: lo
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet 127.0.0.1 netmask 0xff000000
> em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 08:00:27:05:32:94
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
>         inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
>         inet6 fe80::a00:27ff:fe05:3294%em0 prefixlen 64 scopeid 0x1
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 08:00:27:6b:5b:6a
>         priority: 0
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
>         inet6 fe80::a00:27ff:fe6b:5b6a%em1 prefixlen 64 scopeid 0x2
>         inet 192.168.9.67 netmask 0xffffff00 broadcast 192.168.9.255
> enc0: flags=0<>
>         priority: 0
>         groups: enc
>         status: active
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33152
>         priority: 0
>         groups: pflog
> pfsync0: flags=41<UP,RUNNING> mtu 1500
>         priority: 0
>         pfsync: syncdev: em1 maxupd: 128 defer: off
>         groups: carp pfsync
> carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 01:00:5e:00:01:01
>         priority: 0
>         carp: carpdev em0 advbase 1 balancing ip
>                 state MASTER vhid 1 advskew 0
>                 state BACKUP vhid 2 advskew 100
>         groups: carp
>         status: master
>         inet6 fe80::a00:27ff:fe05:3294%carp1 prefixlen 64 scopeid 0x7
>         inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
>
> # hostname
> fw2.example.com
>
> # ifconfig
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33152
>         priority: 0
>         groups: lo
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>         inet 127.0.0.1 netmask 0xff000000
> em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 08:00:27:14:36:90
>         priority: 0
>         groups: egress
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
>         inet 192.168.0.11 netmask 0xffffff00 broadcast 192.168.0.255
>         inet6 fe80::a00:27ff:fe14:3690%em0 prefixlen 64 scopeid 0x1
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 08:00:27:b1:84:2d
>         priority: 0
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
>         inet6 fe80::a00:27ff:feb1:842d%em1 prefixlen 64 scopeid 0x2
>         inet 192.168.9.68 netmask 0xffffff00 broadcast 192.168.9.255
> enc0: flags=0<>
>         priority: 0
>         groups: enc
>         status: active
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33152
>         priority: 0
>         groups: pflog
> pfsync0: flags=41<UP,RUNNING> mtu 1500
>         priority: 0
>         pfsync: syncdev: em1 maxupd: 128 defer: off
>         groups: carp pfsync
> carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 01:00:5e:00:01:01
>         priority: 0
>         carp: carpdev em0 advbase 1 balancing ip
>                 state BACKUP vhid 1 advskew 100
>                 state MASTER vhid 2 advskew 0
>         groups: carp
>         status: backup
>         inet6 fe80::a00:27ff:fe14:3690%carp1 prefixlen 64 scopeid 0x7
>         inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
>
> --
> Thank you
> Indunil Jayasooriya
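
Added example, not part of the original thread: a shell check over the `carp1` stanzas quoted in the message. It reports whether the group (multicast) bit of the lladdr is set, and it reads the per-vhid `state` lines, rather than the interface-wide `status:` line, to confirm that every vhid has exactly one MASTER across the nodes. The function names are hypothetical and the embedded stanzas are sample input copied from the quoted output.

```shell
#!/bin/sh
# Added example: sanity-check CARP "balancing ip" output gathered from each node.
# Sample input: carp1 stanzas as quoted in the message (on a live node,
# capture `ifconfig carp1` instead). Function names are hypothetical.
FW1_CARP='carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 01:00:5e:00:01:01
        carp: carpdev em0 advbase 1 balancing ip
                state MASTER vhid 1 advskew 0
                state BACKUP vhid 2 advskew 100
        status: master'
FW2_CARP='carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 01:00:5e:00:01:01
        carp: carpdev em0 advbase 1 balancing ip
                state BACKUP vhid 1 advskew 100
                state MASTER vhid 2 advskew 0
        status: backup'

# Print "multicast" when the group bit (lowest bit of the first octet) of the
# stanza's lladdr is set, "unicast" when it is clear, "unknown" if no lladdr.
lladdr_kind() {
    octet=$(printf '%s\n' "$1" | awk '$1 == "lladdr" { print substr($2, 1, 2) }' | head -n 1)
    case "$octet" in
        [0-9A-Fa-f][0-9A-Fa-f]) ;;
        *) echo unknown; return 0 ;;
    esac
    if [ $(( 0x$octet & 1 )) -eq 1 ]; then echo multicast; else echo unicast; fi
}

# Print "<vhid> <number of nodes in MASTER state>" for every vhid seen.
vhid_masters() {
    for stanza in "$@"; do printf '%s\n' "$stanza"; done |
    awk '$1 == "state" && $3 == "vhid" { n[$4] += ($2 == "MASTER") }
         END { for (v in n) print v, n[v] }' | sort -n
}

# Succeed only if every vhid has exactly one MASTER across the given nodes:
# zero means nobody answers for that share of traffic, two means split brain.
balancing_ok() {
    vhid_masters "$@" | awk '$2 != 1 { bad = 1 } END { exit (bad || NR == 0) }'
}

echo "carp1 lladdr on fw1: $(lladdr_kind "$FW1_CARP")"
vhid_masters "$FW1_CARP" "$FW2_CARP"
if balancing_ok "$FW1_CARP" "$FW2_CARP"; then
    echo "each vhid has exactly one MASTER"
else
    echo "WARNING: a vhid has zero or several MASTER nodes"
fi
```

Passing a single node's stanza to `balancing_ok` checks the failover case, where the surviving node should hold MASTER for every vhid.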