On 10/14/2014 06:53 PM, Andy wrote:

Why do you have so many CARP interfaces?
Generally it's good practice to have one CARP interface per broadcast
domain / VLAN etc, and have all your alias IP addresses defined in that
one CARP interface.
NB; when adding;
inet alias <ipaddress> <mask>
Always set the mask for each alias to 255.255.255.255
This is apparently correct according to the devs. cite; something I was
told a long time ago even though you'll get a spurious error in the logs
at fail-over time..



Hello Andy,

we use so many carp interfaces because we have separate subnets, so the netmask 255.255.255.255 can't fit our requirements. In the past, we tried to use the subnet netmask (i.e. 255.255.255.240), but we didn't feel so confident about this configuration, and the official documentation does not elaborate on the topic.

Does it always start once you get to 19?

I seem to remember having to increase the number of BPF devices with
high numbers of VLANs etc..

for(( i=10; i <= 30; i++ )); do mknod /dev/bpf$i c 23 $i; done
for(( i=10; i <= 30; i++ )); do chmod o-r,g-r /dev/bpf$i; done

That's interesting. On a similar machine I have only 10 bpf devices (0-9). I will study this tomorrow.


# pfsync0 system-1
up syncdev em0 syncpeer 10.10.26.4 defer

# pfsync0 system-2
up syncdev em0 syncpeer 10.10.26.3 defer

Why are you using defer? I'm guessing you know what this does and that
it slows things down..
Usually only see this on systems with BGP (in case packets are received
on the backup), or on active-active systems.

Yes, sorry, "defer" was an experiment done while trying to understand where the problem was.

# /etc/hostname.em0 system-1
inet 10.10.26.3 255.255.255.0 NONE

# /etc/hostname.em0 system-2
inet 10.10.26.4 255.255.255.0 NONE


Anyone can help? This issue is driving me crazy
:q!

This all generally looks ok and seems like you know what you're doing.
The usual thing which causes multi master is PF. Also remember to *not*
sync your carp states over pfsync, this works for us;
pass out quick proto carp keep state (no-sync) set prio 7
pass quick proto carp from { fe80::/10 } to { ff00::/8 } keep state (no-sync)
pass quick proto carp from { $all_carpv4_ips } keep state (no-sync)
pass quick on { $if_pfsync_dev } proto pfsync keep state (no-sync)
block drop quick proto carp

Thank you very much for your contribution.
I have no access to the servers right now; tomorrow I will check on your advice.

Thank you!
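
An added example, not part of the original thread: a small shell check that flags `pass` rules for `proto carp` or `proto pfsync` lacking the `(no-sync)` state option Andy recommends above. The function names `check_nosync` and `write_sample` are hypothetical, the sample ruleset is constructed, and only the simple `proto carp` / `proto pfsync` rule form quoted in the thread is recognised.

```shell
#!/bin/sh
# Added example: lint a pf.conf for CARP/pfsync pass rules without (no-sync).
# Assumption: rules use the simple "proto carp" / "proto pfsync" form shown in
# the thread; protocol lists such as "proto { carp, pfsync }" are not parsed.

# check_nosync FILE: print each offending rule, return 1 if any were found.
check_nosync() {
    awk '
        { sub(/#.*/, "") }                                # drop comments
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }  # join continued lines
        { rule = buf $0; buf = "" }
        rule ~ /^[ \t]*pass/ && rule ~ /proto[ \t]+(carp|pfsync)/ && rule !~ /no-sync/ {
            gsub(/[ \t]+/, " ", rule)
            print "missing no-sync: " rule
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample: emit a constructed ruleset modelled on the rules quoted above.
# The pfsync rule deliberately omits (no-sync) so the check has something to find.
write_sample() {
    cat <<'EOF'
# constructed sample ruleset
pass out quick proto carp keep state (no-sync) set prio 7
pass quick proto carp from { $all_carpv4_ips } \
    keep state (no-sync)
pass quick on { $if_pfsync_dev } proto pfsync keep state
block drop quick proto carp
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && write_sample > "$tmp"
check_nosync "$tmp" || echo "ruleset would sync CARP/pfsync states over pfsync"
rm -f "$tmp"
```

Point `check_nosync` at a copy of the real `/etc/pf.conf` on each firewall before reloading the ruleset.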
