Toni Mueller schrieb:
> Hi,
>
> On Fri, 20.03.2009 at 14:28:46 +0100, Joerg Streckfuss
> <streckf...@dfn-cert.de> wrote:
>> How does CARP behaves when on the master node two "unimportantly" interfaces
>> fail and on the backup node only the uplink interface fails? Does CARP
>> failover
>> to the backup node and as consequence the whole network will be disconnected
>> from the internet?
>
> my reading of carp(4) is that the behaviour depends on the setting of
>
> net.inet.carp.preempt
>
> If set to 1, then firewalls only fail over as a whole, while if set to
> 0, interfaces fail over individually. With interfaces failing over
> individually, and with appropriate routing between your firewalls,
> traffic should flow through the remaining interfaces.
>
> Please note that having interfaces fail over individually makes playing
> with pfsync and sasync *quite* interesting.
> Please also note that you could have more than two firewalls running
> CARP, so maybe the third (fourth, ...) firewall will keep you online.
>
> I guess that the real solution is to have a known-good hardware that
> you can bring up in minutes sitting on the shelf, and yes, to live with
> some downtime.
>
>
> Kind regards,
> --Toni++
>
Okey, sorry I forget to mention that on both hosts preemting is enabled.
So what happens when first on the master host two interfaces fail and an the
backup only one interface fails.
In my opinion preemption on both nodes effects that advskew is set to 240 on all
interfaces and as a consequence there is no host which could advertise faster
then the other host in the carp group.
Am I right in thinking that no failover should happen regardless of the number
of failed carp interfaces?
Kind regards,
Joerg
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
