Josh wrote:
Hello, a quick question.
I have a pair of 4.1 boxes acting as firewalls using carp/pfsync etc.
The primary has advskew 0, the backup has advskew 100. I have
net.inet.carp.preempt=1 on both.
So anyway, I was downloading some 4.2 install binaries onto the backup
fw, and I noticed that the backup/primary carp interfaces kept on
switching between master/backup fairly rapidly (around every 5 - 10
seconds or so) despite both hosts being up just fine.
Any ideas on what might be causing this?
Also, my understanding of net.inet.carp.preempt=1 needs to be adjusted I
think; I thought that it meant if one carp interface goes down, i.e.,
unplugged or whatever, then the rest go down, i.e. all other interfaces on
the box? Is this right?
Thanks,
Josh

Your understanding of preempt seems correct.
I had a similar issue on a pair of 4.1 FW's.
A careful examination revealed that one of the carp ifaces on one system
had ip addrs that were missing on the other.
Carefully compare ifconfig -aA on each machine to each other.
I now slavishly also ensure that the addrs occur in the same order ... I
am sure that has no effect, but there it is.
Are you allowing the carp traffic in and out?
Does a tcpdump show the expected traffic?
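
The address comparison suggested in the reply above, as an added example that is not part of the original thread: it reads saved `ifconfig -aA` output from each firewall and lists addresses that exist on a carp interface of only one host. The function names, the file names fw1.txt and fw2.txt, and the sample interface output are constructed for illustration.

```shell
#!/bin/sh
# carp_addrs FILE: print "ifname address" for each inet/inet6 address on a
# carp interface found in saved `ifconfig -aA` output, sorted.
carp_addrs() {
    awk '
        /^[a-z]+[0-9]+:/ { ifname = $1; sub(/:$/, "", ifname) }  # header line
        ifname ~ /^carp/ && ($1 == "inet" || $1 == "inet6") { print ifname, $2 }
    ' "$1" | LC_ALL=C sort
}

# carp_diff FILE_A FILE_B: print addresses configured on only one host,
# prefixed "A-only" or "B-only". No output means the address sets match.
carp_diff() {
    a=$(mktemp) && b=$(mktemp) || return 2
    carp_addrs "$1" > "$a"
    carp_addrs "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b" | sed 's/^/A-only /'
    LC_ALL=C comm -13 "$a" "$b" | sed 's/^/B-only /'
    rm -f "$a" "$b"
}

# carp_demo: run carp_diff on constructed sample output (not from real hosts).
carp_demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/fw1.txt" <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
EOF
    cat > "$d/fw2.txt" <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.3 netmask 0xffffff00 broadcast 192.0.2.255
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
EOF
    carp_diff "$d/fw1.txt" "$d/fw2.txt"
    rm -rf "$d"
}

carp_demo
```

On real hosts, save `ifconfig -aA` to a file on each firewall and pass the two files to `carp_diff`.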