Adam D. Morley wrote:
> On Fri, Mar 17, 2006 at 02:35:55PM -0500, Steven S wrote:
>> Adam D. Morley wrote:
...
>> Thanks, this is helpful.  The settings on the FW's are as above.  An
>> incorrect setting (above) would seem to make it not work -- as
>> opposed to 
> 
> Ok.  But mine works and yours doesn't?
> 
>> what I'm seeing.  Sometimes FW2 takes over as MASTER for some
>> interfaces, but FW1 never moves to BACKUP.  I do have
>> net.inet.carp.preempt=1 set on FW1, but not FW2.
> 
> You're supposed to set preempt on both, iirc.

With both firewalls set to preempt=1 I had a common DMZ switch get shut off.
Both FWs went to a carp skew of 240.  They had a MASTER fight.  By setting
one with preempt=1 and the other with preempt=0, I avoid this.

>> As another experiment I moved advbase on FW2 to '2' for all carps,
>> but the 
> 
> base is how often.  skew is priority.

Sort of...  'man ifconfig' says,

"Taken together the advbase and advskew indicate how frequently, in seconds,
the host will advertise the fact that it considers itself master of the
virtual host.  The formula is advbase + (advskew / 256).  If the master does
not advertise within three times this interval, this host will begin
advertising as master."

So if I set FW1 with 1/0 and FW2 at 2/180, FW1 advertises every one second.
If FW2 hasn't heard a carp advertisement in 2.7*3=8.1 seconds it will take
over.  When FW1 returns, it will start advertising once/sec.  As noted in my
OP, this doesn't seem to happen on my FW pair.

-Steve S.
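
Added example, not part of the original message: a small shell/awk check that applies the man page formula quoted above to each host's carp line and flags any vhid that has more than one MASTER, which is the symptom described in the thread. The function names, the host-label prefix and the sample lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Input: a host label followed by the
# "carp:" status line of a carp interface, one line per host and interface.
# Timing follows the man page text quoted above:
#   interval = advbase + advskew/256; a host claims master after 3 * interval.
carp_report() {
    awk '
    {
        host = $1; state = ""; vhid = ""; base = ""; skew = ""
        for (i = 2; i < NF; i++) {
            if ($i == "carp:")   state = $(i + 1)
            if ($i == "vhid")    vhid  = $(i + 1)
            if ($i == "advbase") base  = $(i + 1)
            if ($i == "advskew") skew  = $(i + 1)
        }
        if (vhid == "" || base == "" || skew == "") next   # not a carp line
        interval = base + skew / 256
        printf "%s vhid=%s %s interval=%.3f takeover=%.3f\n",
            host, vhid, state, interval, 3 * interval
        if (!(vhid in seen)) { seen[vhid] = 1; order[++n] = vhid }
        if (state == "MASTER") {
            if (count[vhid]++) masters[vhid] = masters[vhid] "," host
            else masters[vhid] = host
        }
    }
    END {
        # Each vhid should have exactly one MASTER across the pair.
        for (k = 1; k <= n; k++) {
            v = order[k]
            if (count[v] > 1)  printf "vhid=%s DUAL-MASTER %s\n", v, masters[v]
            if (count[v] == 0) printf "vhid=%s NO-MASTER\n", v
        }
    }'
}

# Constructed sample: FW1 at advbase 1 / advskew 0, FW2 at 2 / 180, with
# vhid 2 showing both hosts as MASTER.
sample_pair() {
    cat <<'EOF'
FW1 carp: MASTER vhid 1 advbase 1 advskew 0
FW2 carp: BACKUP vhid 1 advbase 2 advskew 180
FW1 carp: MASTER vhid 2 advbase 1 advskew 0
FW2 carp: MASTER vhid 2 advbase 2 advskew 180
EOF
}

sample_pair | carp_report
```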
