Hi,
I had written below some details on the problem that I was seeing, and I
was doing a bit more investigating and did a port monitor on our
switches on the OBSD relative interface, as well as some TCP dumps on
the OBSD box.
The dump on the OBSD box shows that ARP replies include 802.1Q traffic
for ARP replies of both the real VLAN interface IP address, as well as
the CARP interface on that VLAN interface.
However, the port monitor of the switch only shows the ARP reply from
the real interface as having the 802.1Q information, and is not seeing
any 802.1Q information for the ARP reply of the CARP interface.
I've again added the full traces in a pastebin, to not overcrowd the
email, but feel free to let me know if it's not viewed as a good
practice :-)
http://pastebin.com/mS8U1KXe
Would anyone have a clue as to why I would see this behaviour or what I
could do to correct it? I'm pretty sure that this would be the reason
why ARP replies are not getting to the requesting system.
Thanks again,
Steve
On 08/03/2010 12:57 PM, Steve Johnson wrote:
Hi,
I have an issue with setting up CARP interfaces for VLAN system
interfaces. For some reason, the CARP interface is unreachable from any
host except the MASTER node, and it seems like the ARP requests are not
reaching the destination hosts, yet they are sent by the OBSD systems,
on both the VLAN interface, and the real interface with a vid tag on the
proper VLAN ID. The switches do have the MAC address in their ARP
tables though. The weird thing is that the same setup creates no issues
whatsoever for all CARP interfaces bound to physical interfaces, and not
to VLAN interfaces. Here is a drilldown of the situation:
- PF is disabled
- All systems (including both nodes) can reach the VLAN interface IP
addresses
- All CARP interfaces are part of a secondary group
- CARP demotes, system reboots and shutting interfaces all properly
switch the CARP master and backup for the whole group
- A CARP master/backup switch properly updates the MAC address table in
the switches
- All systems can reach the CARP interface IPs for CARP interfaces set
on non-VLAN interfaces
- No system (except the system that is the CARP MASTER) can reach the
CARP interface IPs that are set on VLAN interfaces
Below are configuration details, tcpdumps and logs that detail the setup.
http://pastebin.com/hbwrKmVr
Any idea as to what could be causing this would be appreciated!
Thanks,
Steve Johnson
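
Added example, not part of the original thread: one way to check a capture for the symptom described above is to parse each ARP reply and report whether it carries an 802.1Q tag and whether its sender MAC is a CARP virtual MAC (00:00:5e:00:01:<vhid>). The frames, MAC addresses, documentation IPs and VLAN ID 10 below are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

ETH_P_8021Q, ETH_P_ARP = 0x8100, 0x0806
CARP_MAC_PREFIX = bytes.fromhex("00005e0001")  # CARP virtual MAC: 00:00:5e:00:01:<vhid>

def parse_arp_reply(frame):
    """Return a dict describing an Ethernet ARP reply, or None for any other frame."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan_id = 14, None
    if ethertype == ETH_P_8021Q:  # 4-byte 802.1Q tag sits before the real EtherType
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        offset, vlan_id = 18, tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
    if ethertype != ETH_P_ARP or len(frame) < offset + 28:
        return None
    if struct.unpack("!HHBBH", frame[offset:offset + 8]) != (1, 0x0800, 6, 4, 2):
        return None  # not an IPv4-over-Ethernet ARP reply (opcode 2)
    sha = frame[offset + 8:offset + 14]   # sender hardware address
    spa = frame[offset + 14:offset + 18]  # sender protocol (IP) address
    return {"vlan": vlan_id, "mac": sha.hex(":"), "ip": socket.inet_ntoa(spa),
            "carp": sha.startswith(CARP_MAC_PREFIX)}

def untagged_replies(frames):
    """ARP replies that reached the capture point without an 802.1Q tag."""
    replies = [r for r in map(parse_arp_reply, frames) if r]
    return [r for r in replies if r["vlan"] is None]

def build_reply(src_mac, src_ip, dst_mac, dst_ip, vlan_id=None):
    """Construct a sample ARP reply frame (test data only)."""
    tag = struct.pack("!HH", ETH_P_8021Q, vlan_id) if vlan_id is not None else b""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += src_mac + socket.inet_aton(src_ip) + dst_mac + socket.inet_aton(dst_ip)
    return dst_mac + src_mac + tag + struct.pack("!H", ETH_P_ARP) + arp

# Constructed frames mirroring the switch-side observation: the reply from the
# real VLAN interface is tagged, the reply from the CARP address is not.
HOST = bytes.fromhex("020000000099")
SWITCH_VIEW = [
    build_reply(bytes.fromhex("020000000001"), "192.0.2.2", HOST, "192.0.2.50", vlan_id=10),
    build_reply(bytes.fromhex("00005e000101"), "192.0.2.1", HOST, "192.0.2.50"),
]

if __name__ == "__main__":
    for r in untagged_replies(SWITCH_VIEW):
        print("untagged ARP reply:", r)
```

Feeding the same function raw frames captured at the host and at the switch mirror port shows at which point the tag on the CARP reply disappears.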