That would be really useful :)
One of the things that made it hard to debug was logging. I tried all
the net.inet.carp.log levels ;)
Andy.
On Tue 23 Jul 2013 17:00:58 BST, Theo de Raadt wrote:
I agree, that's why I spent a long time trying to get all the switches
configured correctly. And whilst it is rare, sadly one of our providers
in particular just outright refuses to enable port-fast as they don't
trust all their colo members (kinda don't blame them).
I also don't want to put another switch (or 2 so no single point of
failure) in-between our firewalls and the providers WAN switches.
At least thanks to Stuart's suggestion most of our issues are now
resolved and we'll just have to live with the issue of a backup firewall
taking over when a cable is plugged back in/WAN provider
resets/kills/asserts/misconfigures one of their WAN switches (we have
redundant connections across their switch fabric).
I've been discussing something which might help, with some setups.
It would be nice if CARP could spot these delays, and report them in
some way. If it did that, then someone setting it up could test for
this case, and at least know that the switch is "not quite right".
As it is now, they are shooting in the dark.
