----- Original Message -----
> From: "Tom K" <g...@gnpf.net>
> To: "misc" <misc@OpenBSD.org>
> Sent: Tuesday, July 13, 2021 3:32:04 AM
> Subject: [EXTERNAL] Why demotion counter for group carp is set to 33 on boot?

> Hello,
> 
> Why is the demotion counter for group carp set to 33 on boot? This is the
> primary firewall and there are no advskew settings in any of the hostname.carpX
> files or anywhere else.
> Because of this, the other firewall, which should normally be the standby
> (advskew 100), is always MASTER (comes up with carp demote count 0).
>
> I can do "/sbin/ifconfig -g carp -carpdemote 33" in rc.local; then this
> system takes the MASTER role and works together with the 2nd system as
> expected.
> These are physical machines. I tried to simulate this on VMware, but there
> everything is fine. Both systems start with demote count 0.
> 
> 
> I would appreciate any hint to understand this.
> 
> Tom

Greetings Tom:

I don't have an answer for you, but I see the same behavior across a number of 
different hardware platforms (all amd64) and across all recent versions of 
OpenBSD (6.3+ for sure - maybe further back). I have pairs of machines as 
firewalls at remote sites. The only time that I reboot them is for patching and 
they sometimes get rebooted in an unplanned fashion due to power loss. It does 
not happen every time the systems are rebooted - maybe 1 time in 20. It happens 
often enough that checking the carp demotion counters after reboot is now part 
of the standard patching procedure and our monitoring system looks for and 
fixes the situation.

It's always the box we consider 'primary' (advskew 10 vs. the secondary with 
advskew 100), and the carpdemote value is always set to 33. I can't be 100% 
certain, but I don't think I've ever seen it happen with the unplanned 
reboot/power loss. It only ever seems to happen after a syspatch and reboot.

I have carp.preempt enabled, and I have suspected that the problem lies in 
there somewhere, but I have no evidence and it hasn't been enough of a problem 
to justify digging into it.

Sorry I don't have an answer for you. I just wanted you to know that it isn't 
just you.

-Scott
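
A post-reboot check along the lines of the one mentioned in the reply above, as an added example that is not code from either poster. It assumes `ifconfig -g carp` prints a line of the form `carp: carp demote count N`; the function names and the `--live` switch are hypothetical, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: check the carp group demotion counter after a reboot.
# Assumption: `ifconfig -g carp` prints "carp: carp demote count N".

# Print the demotion counter found in the given ifconfig output.
# Exit status 1 if no matching line is present.
parse_demote() {
    printf '%s\n' "$1" | awk '
        /carp demote count/ { print $NF; found = 1; exit }
        END { if (!found) exit 1 }'
}

# Print the command that lowers the counter back to 0, or nothing when
# it is already 0. Returns 2 when the output cannot be parsed.
fix_command() {
    count=$(parse_demote "$1") || return 2
    case "$count" in
        ''|*[!0-9]*) return 2 ;;   # refuse anything that is not a plain number
    esac
    [ "$count" -eq 0 ] && return 0
    # -carpdemote N decreases the group counter by N
    printf '/sbin/ifconfig -g carp -carpdemote %s\n' "$count"
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_DEMOTED='carp: carp demote count 33'
SAMPLE_OK='carp: carp demote count 0'

if [ "${1:-}" = "--live" ]; then
    # On the firewall itself: read the real counter, log, then correct it.
    out=$(/sbin/ifconfig -g carp) || exit 1
    cmd=$(fix_command "$out") || { echo "unparsable: $out" >&2; exit 2; }
    if [ -n "$cmd" ]; then
        logger -t carpcheck "non-zero carp demote count, running: $cmd"
        $cmd   # built above from a validated number, so splitting is safe
    fi
else
    # Offline demonstration on the constructed samples.
    echo "demoted sample -> $(fix_command "$SAMPLE_DEMOTED")"
    echo "healthy sample -> $(fix_command "$SAMPLE_OK")"
fi
```

Logging the value before lowering it keeps a record of how often the counter comes up non-zero and with what value, which is the evidence both posters say they lack.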
