CARP + arpbalance + vlan = packet loss

Jacob Yocom-Piatt Mon, 16 Oct 2006 16:47:17 -0700

i'm getting a redundant routing setup ready at work and i've run into an issue
with "dropped" packets. someone else has probably already hit this same snag, so
please speak up.


there are 2 machines with 2 interfaces in each, 2 for pfsync between them and
the other 2 connect to an 802.1q capable switch. the interfaces connected to the
switch have both a physical IP and a vlan IP, both of which are CARPed with
arpbalance, i.e. there are 2 carp interfaces for both the physical and vlan
interfaces = 4 total carp interfaces. the two machines have identical pf.conf's
and fail over quite nicely between each other.

however, when a machine is sitting "behind" the pair of CARPed routers on the
vlan, it cannot successfully make DNS requests. this is quickly remedied by
pulling one of the cables between the switch and one of the routers, and pinging
public sites is fine. it also works after plugging the recently unplugged router
back in. when the DNS requests aren't working, the public DNS server's reply
gets to the routers and doesn't go out over the vlan (checked via tcpdump).

the topology of the test setup is as follows:

router 1--------tagged-###########
   |                   # SRW2024 #-untagged----vlan 1
router 2--------tagged-###########

where router 1 and 2 have a CARP IP 172.16.100.1 and are the gateway for the
vlan 1 machine at 172.16.100.100. the routers also have 172.16.16.9 as a CARP IP
on the 172.16.16/24 subnet.

find below the ifconfig for the two routers. advice is appreciated.

cheers,
jake

dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:6d:10:ea:98
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.1.1.254 netmask 0xffffff00 broadcast 10.1.1.255
        inet6 fe80::203:6dff:fe10:ea98%dc0 prefixlen 64 scopeid 0x1
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:01:02:74:ab:b7
        groups: egress 
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 172.16.16.199 netmask 0xffffff00 broadcast 172.16.16.255
        inet6 fe80::201:2ff:fe74:abb7%xl0 prefixlen 64 scopeid 0x2
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=41<UP,RUNNING> mtu 1460
        pfsync: syncdev: dc0 syncpeer: 224.0.0.240 maxupd: 128
enc0: flags=0<> mtu 1536
vlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:01:02:74:ab:b7
        vlan: 2 priority: 0 parent interface: xl0
        groups: vlan 
        inet6 fe80::201:2ff:fe74:abb7%vlan0 prefixlen 64 scopeid 0x7
        inet 172.16.100.254 netmask 0xffffff00 broadcast 172.16.100.255
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev xl0 vhid 1 advbase 1 advskew 0
        groups: carp 
        inet 172.16.16.9 netmask 0xffffff00 broadcast 172.16.16.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev xl0 vhid 2 advbase 1 advskew 100
        groups: carp 
        inet 172.16.16.9 netmask 0xffffff00 broadcast 172.16.16.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev vlan0 vhid 1 advbase 1 advskew 0
        groups: carp 
        inet 172.16.100.1 netmask 0xffffff00 broadcast 172.16.100.255
carp3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev vlan0 vhid 2 advbase 1 advskew 100
        groups: carp 
        inet 172.16.100.1 netmask 0xffffff00 broadcast 172.16.100.255

dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:6d:11:2f:d7
        groups: egress 
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 172.16.16.198 netmask 0xffffff00 broadcast 172.16.16.255
        inet6 fe80::203:6dff:fe11:2fd7%dc0 prefixlen 64 scopeid 0x1
dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:a0:cc:39:78:86
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.1.1.253 netmask 0xffffff00 broadcast 10.1.1.255
        inet6 fe80::2a0:ccff:fe39:7886%dc1 prefixlen 64 scopeid 0x2
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=41<UP,RUNNING> mtu 1460
        pfsync: syncdev: dc1 syncpeer: 224.0.0.240 maxupd: 128
enc0: flags=0<> mtu 1536
vlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:03:6d:11:2f:d7
        vlan: 2 priority: 0 parent interface: dc0
        groups: vlan 
        inet6 fe80::203:6dff:fe11:2fd7%vlan0 prefixlen 64 scopeid 0x7
        inet 172.16.100.253 netmask 0xffffff00 broadcast 172.16.100.255
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev dc0 vhid 1 advbase 1 advskew 100
        groups: carp 
        inet 172.16.16.9 netmask 0xffffff00 broadcast 172.16.16.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev dc0 vhid 2 advbase 1 advskew 0
        groups: carp 
        inet 172.16.16.9 netmask 0xffffff00 broadcast 172.16.16.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev vlan0 vhid 1 advbase 1 advskew 100
        groups: carp 
        inet 172.16.100.1 netmask 0xffffff00 broadcast 172.16.100.255
carp3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev vlan0 vhid 2 advbase 1 advskew 0
        groups: carp 
        inet 172.16.100.1 netmask 0xffffff00 broadcast 172.16.100.255

CARP + arpbalance + vlan = packet loss

Reply via email to