MJ J(mikedotjack...@gmail.com) on 2021.05.23 17:58:47 +0300:
> Hi,
>
> I have a carp master and backup on a pair of one-armed Raspberry Pi 4B
> devices (router1 and router2) and when I ssh to the backup using the
> carp IP as my gateway, it repeatedly throws me out after a few seconds
> with the message:
>
> My laptop's network config:
> -----------------------------------
> IP: 192.168.4.109
> Subnet mask: 255.255.255.0
> Gateway: 192.168.4.1
>
> Both RPI4s are connected to switchports with packets tagged for VLANs
> 2,3,4,6 and the network devices don't have IP configuration -
> everything is configured on VLAN interfaces with the single parent
> interface bse0. CARP failover actually works as expected, but as
> mentioned I am unable to maintain an ssh session with the backup
> "router2" while using the carp IPs as my network gateway.
>
> Network switch is a Zyxel GS1200-8 with firmware V2.00(ABME.0)C0. Loop
> prevention is enabled and I have also tested with it disabled to no
> avail.
>
> What happens:
> -----------------------------------
> $ ssh 10.0.1.101
> Last login: Sun May 23 17:44:21 2021 from 10.0.1.100
> OpenBSD 6.9 (GENERIC.MP) #1134: Sun Apr 18 01:53:35 MDT 2021
> router2#
> router2# client_loop: send disconnect: Broken pipe

You ssh from 192.168.4.109 to 10.0.1.101?

My best guess is that you have asymmetric routing and your carp master
router1 only sees one direction of the traffic:

laptop -> router1 -> router2
and
router2 -> laptop

because router2 has your laptop network locally on vlan6.

Solution: ssh to 192.168.4.3.

>
>
> Router 1 network config:
> -----------------------------------
> router1# cat hostname.bse0
> up
>
> router1# cat hostname.vlan2
> 172.16.1.6/24 172.16.1.255 parent bse0 vnetid 2 group PFSYNC
> description "private segment with router2"
>
> router1# cat hostname.vlan3
> 10.0.1.100/24 10.0.1.255 parent bse0 vnetid 3 group INTERNAL
> description "router1 internal interface"
>
> router1# cat hostname.vlan4
> 192.168.1.252/24 192.168.1.255 parent bse0 vnetid 4 group OLDSHIT
> description "unmigrated shit"
>
> router1# cat hostname.vlan6
> 192.168.4.2/24 192.168.4.255 parent bse0 vnetid 6 group TCWIFI
> description "Time-Capsule Wifi"
>
> router1# cat hostname.carp4
> 192.168.1.1/24 carpdev vlan4 pass fukdissh1t vhid 41 advskew 1
> description "TC-WIFI gateway"
>
> router1# cat hostname.carp6
> 192.168.4.1/24 carpdev vlan6 pass fukdissh1t vhid 61 advskew 1
> description "TC-WIFI gateway"
>
>
> Router2 network config:
> -----------------------------------
> router2# cat hostname.bse0
> up
>
> router2# cat hostname.vlan2
> 172.16.1.7/24 172.16.1.255 parent bse0 vnetid 2 group PFSYNC
> description "private segment with router1"
>
> router2# cat hostname.vlan3
> 10.0.1.101/24 10.0.1.255 parent bse0 vnetid 3 group INTERNAL
> description "router2 internal interface"
>
> router2# cat hostname.vlan4
> 192.168.1.253/24 192.168.1.255 parent bse0 vnetid 4 group OLDSHIT
> description "unmigrated shit"
>
> router2# cat hostname.vlan6
> 192.168.4.3/24 192.168.4.255 parent bse0 vnetid 6 group TCWIFI
> description "Time-Capsule Wifi"
>
> router2# cat hostname.carp4
> 192.168.1.1/24 carpdev vlan4 pass fukdissh1t vhid 41 advskew 128
> description "TC-WIFI gateway"
>
> router2# cat hostname.carp6
> 192.168.4.1/24 carpdev vlan6 pass fukdissh1t vhid 61 advskew 128
> description "TC-WIFI gateway"
>
>
> Any tips much appreciated.
>
> -mike
> --
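
The asymmetry described in the reply, worked through as an added example that is not part of either mail. It uses the addresses from the quoted hostname.* files and assumes a simplified model in which every host sends on-link traffic directly and everything else through its gateway; the function names are made up for the illustration.

```python
import ipaddress as ip

# Interface addresses copied from the hostname.vlan* files quoted in the thread.
ROUTERS = {
    "router1": ["172.16.1.6/24", "10.0.1.100/24", "192.168.1.252/24", "192.168.4.2/24"],
    "router2": ["172.16.1.7/24", "10.0.1.101/24", "192.168.1.253/24", "192.168.4.3/24"],
}
LAPTOP = ip.ip_interface("192.168.4.109/24")  # laptop IP and mask from the thread
CARP_MASTER = "router1"  # holds gateway 192.168.4.1 (advskew 1 vs. 128)

def owner(addr):
    """Name of the router that has addr configured on an interface."""
    for name, ifaces in ROUTERS.items():
        if any(ip.ip_interface(i).ip == addr for i in ifaces):
            return name
    return None

def connected(router, addr):
    """True if addr lies in a subnet directly attached to router."""
    return any(addr in ip.ip_interface(i).network for i in ROUTERS[router])

def forward_path(dst):
    """Hops from the laptop to a router address (assumed model)."""
    dst = ip.ip_address(dst)
    target = owner(dst)
    if dst in LAPTOP.network:        # on-link: delivered directly, no gateway
        return ["laptop", target]
    hops = ["laptop", CARP_MASTER]   # off-link: via the CARP gateway address
    if target != CARP_MASTER:
        hops.append(target)
    return hops

def return_path(dst):
    """Hops the replies take from that router back to the laptop."""
    target = owner(ip.ip_address(dst))
    if connected(target, LAPTOP.ip):  # laptop subnet is local (vlan6)
        return [target, "laptop"]
    return [target, CARP_MASTER, "laptop"]  # not reached with this config

def is_asymmetric(dst):
    return forward_path(dst) != list(reversed(return_path(dst)))

if __name__ == "__main__":
    for dst in ("10.0.1.101", "192.168.4.3"):
        print(dst, " -> ".join(forward_path(dst)), "|",
              " -> ".join(return_path(dst)), "| asymmetric:", is_asymmetric(dst))
```
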