I suspect you might want /32 on the carp interfaces (255.255.255.255 rather than your 255.255.255.224).
What are the exact symptoms of not being able to reach .197 when HostB is in backup state? It may be stating the obvious but check there's no PF rule that might be blocking it. You don't mention the OS version (this is one of the reasons dmesg is helpful to include even when it seems irrelevant), but there have been various routing-related changes "recently" which may change things. On 2009-02-21, Michiel van Baak <mich...@vanbaak.info> wrote: > Hi all, > > I'm having some trouble with a two-node CARP setup. > > Configuration: > > HostA > /etc/hostname.em0 > inet XXX.XXX.XXX.196 255.255.255.244 XXX.XXX.XXX.223 \ > media 100baseTX mediaopt full-duplex description External > > /etc/hostname.em1 > inet 192.168.10.2 255.255.255.0 192.168.10.255 \ > media 100baseTX mediaopt full-duplex description Internal > > /etc/hostname.em2 > inet 10.10.10.1 255.255.255.0 10.10.10.255 \ > media 100baseTX mediaopt full-duplex description pfsync > > /etc/hostname.pfsync0 > up syncdev em2 > > /etc/hostname.carp0 > inet XXX.XXX.XXX.198 255.255.255.224 XXX.XXX.XXX.223 vhid 1 pass foo > inet alias XXX.XXX.XXX.199 255.255.255.224 NONE > inet alias XXX.XXX.XXX.200 255.255.255.224 NONE > inet alias XXX.XXX.XXX.201 255.255.255.224 NONE > inet alias XXX.XXX.XXX.202 255.255.255.224 NONE > inet alias XXX.XXX.XXX.203 255.255.255.224 NONE > > /etc/hostname.carp1 > inet 192.168.10.1 255.255.255.0 192.168.10.255 vhid 2 pass bar > > $ cat /etc/sysctl.conf | grep -v '^#' > > > net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets > net.inet.carp.preempt=1 # 1=Enable carp(4) preemption > > HostB > Almost the same, but using XXX.XXX.XXX.197 on em0 and 192.168.10.3 on > em1 and 10.10.10.2 on em2 and the carp interfaces have advskew 100 > configured so the box is BACKUP > > Now the problem: > I can reach XXX.XXX.XXX.196 and all configured aliases without trouble. > I can ssh in, relayd relays are working fine and all. If the box goes > down or looses connection the second box takes over and everyone is > happy. > BUT, I cannot reach XXX.XXX.XXX.197 when HostB is in backup state. > My suspicion is that this is a routing issue. Looking at the output of > route -n show: > > HostA: > $ route -n show -inet > Routing tables > > Internet: > Destination Gateway Flags Refs Use Mtu Prio > Iface > default XXX.XXX.XXX.193 UGS 9 53475499 - 48 > carp0 > 10.10.10/24 link#3 UC 1 0 - 48 > em2 > 10.10.10.2 00:15:17:95:c4:43 UHLc 0 1207 - 48 > em2 > XXX.XXX.XXX.192/27 link#6 UC 21 0 - 48 > carp0 > XXX.XXX.XXX.193 00:00:5e:00:01:0c UHLc 1 0 - 48 > carp0 > XXX.XXX.XXX.194 00:17:cb:ab:81:fe UHLc 0 0 - 48 > carp0 > XXX.XXX.XXX.195 00:19:e2:0c:31:fe UHLc 0 0 - 48 > carp0 > XXX.XXX.XXX.196 00:15:17:9f:3d:88 UHLc 0 3 - 48 > lo0 > XXX.XXX.XXX.196/30 link#1 UC 1 0 - 48 > em0 > XXX.XXX.XXX.198 XXX.XXX.XXX.198 UH 0 5 - 48 > carp0 > XXX.XXX.XXX.199 XXX.XXX.XXX.199 UH 0 3 - 48 > carp0 > XXX.XXX.XXX.200 00:00:5e:00:01:01 UHLc 0 6 - 48 > lo0 > XXX.XXX.XXX.201 00:00:5e:00:01:01 UHLc 0 5 - 48 > lo0 > XXX.XXX.XXX.202 00:00:5e:00:01:01 UHLc 0 8 - 48 > lo0 > > HostB: > $ route -n show -inet > Routing tables > > Internet: > Destination Gateway Flags Refs Use Mtu Prio > Iface > default XXX.XXX.XXX.193 UGS 0 190387 - 48 > carp0 > 10.10.10/24 link#3 UC 1 0 - 48 > em2 > 10.10.10.1 00:15:17:95:c2:b6 UHLc 0 565 - 48 > em2 > XXX.XXX.XXX.192/27 link#6 UC 1 0 - 48 > carp0 > XXX.XXX.XXX.193 link#6 UHLc 1 0 - 48 > carp0 > XXX.XXX.XXX.196/30 link#1 UC 0 0 - 48 > em0 > > > Any pointers to get this setup correctly so I can reach the addresses on > the physical interfaces of both boxen, no matter in what CARP state they > are ?
