Hi List,
I do not get carp on vlan on trunk working. Hopefully someone can point
me in the right direction.
OS: OpenBSD 4.2 GENERIC.MP#252 i386
On the "External" side (here carp works)
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:15:17:25:ba:3c
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.254.1 netmask 0xfffffff0 broadcast 172.16.254.15
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:01
carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 0
groups: carp egress
inet 172.16.128.68 netmask 0xfffffff8 broadcast 172.16.128.71
Connected to the same switch as below in a seperate untagged vlan.
On the "DMZ" side, carp does not work. A short description:
Firewall 1 is connected with two UTP cables to port 19 and 20 to a Dell
PowerConnect 6224 switch, both switchports are aggregated (LAG 1) and in
"trunk" mode (this means, in contrast to BSD, that I can add the port to
more than 1 vlan on the switch, the VLAN tag created on the firewall
tells the switch for which vlan the packet is meant).
Firewall 2 is connected with two UTP cables to port 17 and 18 to the
same Dell PowerConnect 6224 switch, both switchports are aggregated (LAG
2) and are in "trunk" mode.
Since CARP advertising is multicast (to 224.0.0.18), I also played with
some multicast settings on the switch to no succes (on request I'll
write some more details about this).
When the switchports are in Dell's Trunk mode, both carp1 interfaces
have status BACKUP. When I turn off the Trunk mode they both go to MASTER.
I can ping the vlan3 IP addresses from both hosts. tcpdump also shows me
carp advertisement packets, but I don't think they arrive at the
destination (dunno really how to read those). The working carp setup on
the External side also show RSTP packets; I don't see them on the DMZ side.
tcpdump output firewall 1:
13:09:28.799534 carp 172.16.254.17 > 224.0.0.18: CARPv2-advertise 36:
vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] (ttl 255, id 9482,
len 56)
13:09:29.809570 carp 172.16.254.17 > 224.0.0.18: CARPv2-advertise 36:
vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] (ttl 255, id 23484,
len 56)
13:09:30.819610 carp 172.16.254.17 > 224.0.0.18: CARPv2-advertise 36:
vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10] (ttl 255, id 1633,
len 56)
etc
tcpdump output firewall 2:
13:09:18.833188 carp 172.16.254.18 > 224.0.0.18: CARPv2-advertise 36:
vhid=2 advbase=1 advskew=100 demote=0 (DF) [tos 0x10] (ttl 255, id
56314, len 56)
13:09:20.243270 carp 172.16.254.18 > 224.0.0.18: CARPv2-advertise 36:
vhid=2 advbase=1 advskew=100 demote=0 (DF) [tos 0x10] (ttl 255, id
37625, len 56)
13:09:21.653351 carp 172.16.254.18 > 224.0.0.18: CARPv2-advertise 36:
vhid=2 advbase=1 advskew=100 demote=0 (DF) [tos 0x10] (ttl 255, id
36905, len 56)
etc
This is my config for the "DMZ" side where I would like to use vlans:
Firewall 1
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:15:17:25:ba:3d
trunk: trunkdev trunk0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet6 fe80::215:17ff:fe25:ba3d%em1 prefixlen 64 scopeid 0x2
em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:15:17:25:ba:3d
trunk: trunkdev trunk0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet6 fe80::215:17ff:fe25:b868%em2 prefixlen 64 scopeid 0x3
trunk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:15:17:25:ba:3d
trunk: trunkproto loadbalance
trunkport em2 active
trunkport em1 master,active
groups: trunk
media: Ethernet autoselect
status: active
inet6 fe80::215:17ff:fe25:ba3d%trunk0 prefixlen 64 scopeid 0x9
vlan3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:15:17:25:ba:3d
vlan: 3 priority: 0 parent interface: trunk0
groups: vlan
inet6 fe80::215:17ff:fe25:ba3d%vlan3 prefixlen 64 scopeid 0xa
inet 172.16.254.17 netmask 0xfffffff0 broadcast 172.16.254.31
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:02
carp: BACKUP carpdev vlan3 vhid 2 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0xd
inet 172.16.128.94 netmask 0xfffffff0 broadcast 172.16.128.95
Firewall 2
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:15:17:25:ba:59
trunk: trunkdev trunk0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet6 fe80::215:17ff:fe25:ba59%em1 prefixlen 64 scopeid 0x2
em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:15:17:25:ba:59
trunk: trunkdev trunk0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet6 fe80::215:17ff:fe25:b850%em2 prefixlen 64 scopeid 0x3
trunk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:15:17:25:ba:59
trunk: trunkproto loadbalance
trunkport em2 active
trunkport em1 master,active
groups: trunk
media: Ethernet autoselect
status: active
inet6 fe80::215:17ff:fe25:ba59%trunk0 prefixlen 64 scopeid 0x9
vlan3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:15:17:25:ba:59
vlan: 3 priority: 0 parent interface: trunk0
groups: vlan
inet6 fe80::215:17ff:fe25:ba59%vlan3 prefixlen 64 scopeid 0xa
inet 172.16.254.18 netmask 0xfffffff0 broadcast 172.16.254.31
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:02
carp: BACKUP carpdev vlan3 vhid 2 advbase 1 advskew 100
groups: carp
inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0xd
inet 172.16.128.94 netmask 0xfffffff0 broadcast 172.16.128.95
Thanks,
Arjen.
