Router with CARP: reproducible deadlock
Hello,

My dream is to build a redundant router using carp. I built test environments, one with FreeBSD 6.0, another one using pfsense, and I also tried OpenBSD 3.8. However, in every environment I'm getting into a deadlock situation with the following steps:

1st: Set up "router1" with 2 NICs connecting the networks "net1" and "net2". This machine is cloned to "router2", where we adjust the IP addresses on both physical interfaces. Set up carp on both machines (carp0 is 192.168.0.240 and connected to net1, carp1 is 172.16.16.240 and connected to net2). Of course, execute 'sysctl -w net.inet.carp.allow=1; sysctl -w net.inet.carp.preempt=1' and connect "router2" in parallel to "router1".

2nd: Start up carp on both machines, which leads to router1 being MASTER with both carp interfaces and router2 being BACKUP with both. Perfect for now.

3rd: Unplug router1's patch cable to net1. As router1 does not see any more advertisements from router2 at net1, router1's carp0 stays in MASTER mode.

4th: router2 doesn't see any more advertisements from router1 at net1 as well ('cause the cable is disconnected!). So router2's carp0 becomes MASTER. Even though net.inet.carp.preempt is set, router2's carp1 stays in BACKUP mode.

5th: Now we have the catastrophic situation:

router1
carp0 (net1) is in MASTER mode (cable unplugged!)
carp1 (net2) is in MASTER mode

router2
carp0 (net1) is in MASTER mode
carp1 (net2) is in BACKUP mode

As you can see, packets that should be routed will be lost.

I'm asking myself, if anybody uses carp based routers in production environment? If this is the normal behaviour, you should not! But I hope that I misunderstood the carp documentation and someone will enlighten me :-)

Any suggestions?

Regards,
Sebastian Schwerdhoefer

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Router with CARP: reproducible deadlock
On Wed, Jan 11, 2006 at 01:53:54PM +0100, Sebastian Schwerdhoefer wrote:
S> My dream is to build a redundant router using carp. I build
S> test environments, one with FreeBSD 6.0, another one using
S> pfsense and I also tried OpenBSD 3.8. However in every
S> environment I'm getting into a deadlock situation with the
S> following steps:
S>
S> 1st: Set up "router1" with 2 NICs connecting the networks
S> "net1" and "net2". This machine is cloned to "router2",
S> where we adjust the IP addresses on both physical
S> Interfaces. Set up carp on both machines (carp0 is
S> 192.168.0.240 and connected to net1, carp1 is 172.16.16.240
S> and connected to net2). Of course, execute 'sysctl -w
S> net.inet.carp.allow=1; sysctl -w net.inet.carp.preempt=1'
S> and connect "router2" in parallel to "router1".
S>
S> 2nd: Start up carp on both machines, which leads to router1
S> being MASTER with both carp interfaces and Router2 being
S> BACKUP with both. Perfect for now.
S>
S> 3rd: Unplug router1's patch cable to net1. As router1 does
S> not see any more advertisements from router2 at net1,
S> router1's carp0 stays in MASTER mode.
S>
S> 4th: router2 doesn't see any more advertisements from router1
S> at net1 as well ('cause the cable is disconnected!). So
S> router2's carp0 becomes MASTER. Even though
S> net.inet.carp.preempt is set, router2's carp1 stays in
S> BACKUP mode.
S>
S> 5th: Now we have the catastrophic situation:
S>
S> router1
S> carp0 (net1) is in MASTER mode (cable unplugged!)
S> carp1 (net2) is in MASTER mode
S>
S> router2
S> carp0 (net1) is in MASTER mode
S> carp1 (net2) is in BACKUP mode
S>
S> As you can see, packets that should be routed will be lost.
S>
S> I'm asking myself, if anybody uses carp based routers in
S> production environment? If this is the normal behaviour, you
S> should not! But I hope, that I misunderstood the carp
S> documentation and someone will enlighten me :-)
S>
S> Any suggestions?

This means that your NIC doesn't detect loss of Ethernet link. What NICs do you use? Please demask "net1" and "net2".

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

Re: Router with CARP: reproducible deadlock
Thanks for this fast reply!

Gleb Smirnoff wrote on 2006-01-11 at 14:16:
> This means that your NIC doesn't detect loss of Ethernet link. What
> NICs do you use? Please demask "net1" and "net2".

I already gave up and dismantled my test scenario, but with this information I'll give it another try soon. I'll have a look which NICs are used and possibly change them...

But does this also mean that carp depends on the ability of the NIC to detect link loss?

regards,
Sebastian Schwerdhoefer

Re: Router with CARP: reproducible deadlock
On Wed, Jan 11, 2006 at 02:36:00PM +0100, Sebastian Schwerdhoefer wrote:
S> Gleb Smirnoff wrote on 2006-01-11 at 14:16:
S> > This means that your NIC doesn't detect loss of Ethernet link. What
S> > NICs do you use? Please demask "net1" and "net2".
S>
S> I already gave up and dismantled my test scenario, but with this
S> information I'll give it another try soon. I'll have a look which NICs
S> are used and possibly change them...
S>
S> But does this also mean, that carp depends on the ability of the NIC
S> to detect link loss?

Preemption depends on this. You want router2 to preempt router1 on the network, where router1 has working interface, when router1 has a non-working interface in the other network, right? To do this router1 must give up its mastering on all nets if one interface went down. To tell whether interface went down or not we need a NIC that is capable to detect this.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

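
The failure mode discussed in this thread, as an added example that is not part of any message above: a simplified Python model of CARP master election with preempt enabled, run once for a NIC that does not report link loss and once for one that does. The advskew values, the demotion skew and the function names are assumptions of the model; it is not the kernel's code.

```python
"""Simplified model of CARP election with net.inet.carp.preempt=1 (not kernel code)."""

DEMOTED_SKEW = 240  # assumption: skew a demoted router advertises in this model

def elect(skews, links, nic_detects_link_loss):
    """Return {router: {net: state}}.

    skews: {router: configured advskew}; the lower value wins the election.
    links: {router: {net: True if the cable is plugged in}}.
    """
    nets = sorted(next(iter(links.values())))
    # A router knows about a dead link only if its NIC reports it.
    sees_down = {r: nic_detects_link_loss and not all(links[r].values())
                 for r in links}
    states = {r: {} for r in links}
    for net in nets:
        for r in links:
            if nic_detects_link_loss and not links[r][net]:
                states[r][net] = "INIT"  # carp interface on a dead link is out
                continue
            mine = DEMOTED_SKEW if sees_down[r] else skews[r]
            # Advertisements arrive only if both ends of the segment are plugged in.
            heard = [DEMOTED_SKEW if sees_down[p] else skews[p]
                     for p in links
                     if p != r and links[r][net] and links[p][net]]
            better = any(s < mine for s in heard)
            states[r][net] = "BACKUP" if better else "MASTER"
    return states

def blackholes(states, links):
    """(router, net) pairs that attract traffic on net but cannot forward it on."""
    return sorted((r, net) for r in states for net, st in states[r].items()
                  if st == "MASTER" and links[r][net]
                  and not all(links[r].values()))

# Constructed scenario from the thread: router1's cable to net1 is unplugged.
SKEWS = {"router1": 0, "router2": 100}  # advskew values are assumed
LINKS = {"router1": {"net1": False, "net2": True},
         "router2": {"net1": True, "net2": True}}

if __name__ == "__main__":
    for detects in (False, True):
        st = elect(SKEWS, LINKS, detects)
        print("NIC detects link loss:", detects)
        for r in sorted(st):
            print("  ", r, st[r])
        print("   black holes:", blackholes(st, LINKS))
```
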
Debugging a simple net problem
I have a fresh install of 6.0-RELEASE on an old PII-450 machine I had lying around. It didn't have built-in Ethernet so I put in an old 3Com Etherlink III ISA card into the remaining ISA slot.

I can get an address via DHCP from my router, but I can't ping the router. I can ping 127.0.0.1, and the IP address the machine was assigned. The ifconfig and netstat -r look OK, I have addresses on my net going to ep0 and a default route out via the router.

I'm puzzled that DHCP works but nothing else. I configured the card using sysinstall but I can manually configure the card with a valid address and routing info, with the same result.

I'm not sure how to test further from here. Can someone tell me what I might try next? I was considering replacing the network card, but since I can DHCP the card does appear to work.

Thanks in advance,
Ian

Help with CARP implementation
Hi guys,

I'm a novice in the redundancy world, but I've read all the documentation that I can, like manpages, the FAQ from OpenBSD.org and others, but I still can't make my router redundancy work :(

My interfaces are these:

Master:
xl0: 200.200.200.1/29 (WAN)
xl1: 192.168.0.1/22 (LAN)
bg0: 10.0.0.1/24 (pfsync)

Slave:
rl1: 201.201.201.1/29 (WAN) * (I need other valid IP here?)
rl0: 192.168.0.2/22 (LAN)
xl0: 10.0.0.2/24 (pfsync)

The gateway from my LAN is 192.168.0.1

- How can I create the carp0 and carp1?
- In pf.conf, the $ext_if and $int_if will be carpX?

If you can send me some practical examples from rc.conf I will be forever thankful :-)

Brazilian Regards
-- 
Tiago Cruz
http://linuxrapido.org
Linux User #282636
"The box said: Requires MS Windows or better, so I installed Linux"

Re: if_bridge FreeBSD 6.0 on a Broadcom interface not working
David Leimbach wrote:
> x86 machine with FreeBSD 6 and using if_bridge to connect the tap0
> interface with xl0 with great success. I tried to duplicate this
> configuration on a dual opteron machine that has Broadcom adapters and
> when I add the bge0 or bge1 interfaces to the bridge0 iface that I
> create I lose all connectivity. The moment I destroy the bridge0
> interface, bge0 or bge1 as it may be begins responding again.

Hmmm. I'm getting this *exact* behaviour but with two Intel Ether Express Pro/1000 interfaces.

Previously, I was fiddling with if_bridge bridging in a box (HP VLi8) with the built-in 3Com i/f (xl0) and an add-in PRO/1000 card (em0). That worked great.

So I have now duplicated that config in a Supermicro board (X6DHP-8G2; single 3.2 GHz Xeon) with three PRO/1000 interfaces, using em0 and em1. As soon as I boot up with em0 and em1 added to the bridge0 interface, I lose IP connectivity. Interestingly, I can ping hosts by IP address. But all attempts to do anything else, eg NTP, DNS or ssh are futile.

So it would seem to me that bridging with two identical (ie hardware) interfaces breaks if_bridge.

David: have you learned anything new?

If anyone wants me to run some tests, please let me know.

Cheers!

Re: if_bridge FreeBSD 6.0 on a Broadcom interface not working
Bruce Walker wrote:
> [if_bridge trouble with] two Intel Ether Express Pro/1000 interfaces.
>
> Previously, I was fiddling with if_bridge bridging in a box (HP VLi8)
> with the built-in 3Com i/f (xl0) and an add-in PRO/1000 card (em0).
> That worked great.
>
> So I have now duplicated that config in a Supermicro board (X6DHP-8G2;
> single 3.2 GHz Xeon) with three PRO/1000 interfaces, using em0 and
> em1. As soon as I boot up with em0 and em1 added to the bridge0
> interface, I lose IP connectivity. Interestingly, I can ping hosts by
> IP address. But all attempts to do anything else, eg NTP, DNS or ssh
> are futile.

I have some more specific info now, and a workaround! :-)

This box actually has three working PRO/1000 interfaces. So I tried avoiding adding em0 (my inet "ssh interface") to the bridge, and voila! ... it works. If I create a bridge from em1 and em2 only, then everything is jim-dandy. Looks like:

ne# ifconfig -a
em0: flags=8943 mtu 1500
        options=b
        inet6 fe80::230:48ff:fe2e:998c%em0 prefixlen 64 scopeid 0x1
        inet 10.1.11.205 netmask 0x broadcast 10.1.255.255
        ether 00:30:48:2e:99:8c
        media: Ethernet autoselect (1000baseTX )
        status: active
em1: flags=8943 mtu 1500
        options=b
        inet6 fe80::230:48ff:fe2e:998d%em1 prefixlen 64 scopeid 0x2
        ether 00:30:48:2e:99:8d
        media: Ethernet autoselect (100baseTX )
        status: active
em2: flags=8943 mtu 1500
        options=b
        inet6 fe80::230:48ff:fe42:d992%em2 prefixlen 64 scopeid 0x3
        ether 00:30:48:42:d9:92
        media: Ethernet autoselect (1000baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff00
bridge0: flags=8041 mtu 1500
        ether ac:de:48:47:be:24
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: em2 flags=3
        member: em1 flags=3
ne#

The reason that em0 is in promiscuous mode here is because I'm running tcpdump on it to see if the act of putting it in promiscuous mode nukes it. It does not harm it at all, so that aspect of bridging it is not at fault.

So my workaround is to connect em0 and em1 in parallel to the same switch, and use em2 to bridge over to my test net. As long as I don't add my inet IP-numbered interface (em0) to the bridge, I'm good to go.

Pretty strange.

Cheers!

Re: if_bridge FreeBSD 6.0 on a Broadcom interface not working
> David: have you learned anything new?

Only that tcpdump seems to work fine on my bge0. Note that I was bridging a tap0 and a bge0 not two bge interfaces. I was doing this to work with vde and qemu to more easily expose a virtualized PC to my network.

The latest vde port is no longer in sync with qemu's latest port now so I have very little reason to try this again at this time.

> If anyone wants me to run some tests, please let me know.
>
> Cheers!

Automatic VLANS
Hello, freebsd-net.

Do Automatic VLANs work? It was described in http://people.freebsd.org/~andre/FreeBSD-5.3-Networking.pdf

# ifconfig em0.1 inet 10.90.90.200/24
ifconfig: interface em0.1 does not exist
# uname -r
6.0-STABLE

-- 
Sincerely,
Vitaliy Ovsyannikov
JSC Skala, Krasnoyarsk, Russia