* Steven S <[EMAIL PROTECTED]> [2006-06-03 02:01]:
> The self inflicted issue came when I added an alias IP to FW1:carp0 but not
> yet to FW2:carp0. Both FW1 and FW2 became master for the interface, until I
> added the alias to FW2.
that can lead to master-master situations unfortunately. not too
Steven S wrote:
> It would appear my issues are related to timekeeping on these boxes
> (Compaq DL360 G1).
>
> If I bump advbase to '3' on each box everything is more stable.
> Given this, I now have a roughly 10 second fail-over time, but that
> is still acceptable.
>
> Since these are product
It would appear my issues are related to timekeeping on these boxes (Compaq
DL360 G1).
If I bump advbase to '3' on each box everything is more stable. Given this,
I now have a roughly 10 second fail-over time, but that is still acceptable.
Since these are production boxes I'll probably wait un
On Sat, Mar 18, 2006 at 02:28:24PM -0500, Steven S wrote:
> Joachim Schipper wrote:
> >> Using NTPDATE in cron (30 minutes), I was able to handle this weird
> >> behavior.
> >>
> >> Take a look in your date/time, maybe it's the reason of your stran
Joachim Schipper wrote:
>> Using NTPDATE in cron (30 minutes), I was able to handle this weird
>> behavior.
>>
>> Take a look in your date/time, maybe it's the reason of your strange
>> carp issues.
>
> As to problems with adjtime(2) and SMP machines, t
On Fri, Mar 17, 2006 at 03:41:01PM -0500, Steven S wrote:
> Adam D. Morley wrote:
> > On Fri, Mar 17, 2006 at 02:35:55PM -0500, Steven S wrote:
> >> Adam D. Morley wrote:
> ...
> >> Thanks, this is helpful. The settings on the FW's are as above. An
> >> incorrect setting (above) would seem to mak
On Fri, Mar 17, 2006 at 12:48:49PM -0800, Jon Simola wrote:
> On 3/17/06, Adam D. Morley <[EMAIL PROTECTED]> wrote:
>
> > > As another experiment I moved advbase on FW2 to '2' for all carps, but the
> >
> > base is how often. skew is priority.
>
> No, advbase is integer seconds between advertise
er becomes Slave, and the Slave becomes Master.
>
> Using NTPDATE in cron (30 minutes), I was able to handle this weird
> behavior.
>
> Take a look in your date/time, maybe it's the reason of your strange
> carp issues.
As to problems with adjtime(2) and SMP machines, the
On 3/17/06, Adam D. Morley <[EMAIL PROTECTED]> wrote:
> > As another experiment I moved advbase on FW2 to '2' for all carps, but the
>
> base is how often. skew is priority.
No, advbase is integer seconds between advertisements, advskew is
fractional seconds. Taken together, advbase and advskew
Adam D. Morley wrote:
> On Fri, Mar 17, 2006 at 02:35:55PM -0500, Steven S wrote:
>> Adam D. Morley wrote:
...
>> Thanks, this is helpful. The settings on the FW's are as above. An
>> incorrect setting (above) would seem to make it not work -- as
>> opposed to
>
> Ok. But mine works and yours
* Steven S <[EMAIL PROTECTED]> [2006-03-17 20:23]:
> Henning Brauer wrote:
> > * Steven S <[EMAIL PROTECTED]> [2006-03-17 19:10]:
> >> beginning to think it might be a component of the number of carp
> >> interfaces
> >
> > unlikely.
> > <[EMAIL PROTECTED]> $ ifconfig | grep '^carp' | wc -l
> >
On Fri, Mar 17, 2006 at 02:35:55PM -0500, Steven S wrote:
> Adam D. Morley wrote:
> ...
> > Have you checked:
> >
> > - carp settings in sysctl?
> > - carp pass rules (and ordering) in pf.conf (if you have default
> > deny)?
> > - that you have advskew set "right" on the backup firewall?
> >
> >
Adam D. Morley wrote:
...
> Have you checked:
>
> - carp settings in sysctl?
> - carp pass rules (and ordering) in pf.conf (if you have default
> deny)?
> - that you have advskew set "right" on the backup firewall?
>
> # grep carp /etc/sysctl.conf
> net.inet.carp.allow=1 # allow incomi
On Fri, Mar 17, 2006 at 07:59:35PM +0100, Henning Brauer wrote:
> * Steven S <[EMAIL PROTECTED]> [2006-03-17 19:10]:
> > beginning to think it might be a component of the number of carp interfaces
>
> unlikely.
> <[EMAIL PROTECTED]> $ ifconfig | grep '^carp' | wc -l
> 15
> and growing.
>
Henning Brauer wrote:
> * Steven S <[EMAIL PROTECTED]> [2006-03-17 19:10]:
>> beginning to think it might be a component of the number of carp
>> interfaces
>
> unlikely.
> <[EMAIL PROTECTED]> $ ifconfig | grep '^carp' | wc -l
> 15
> and growing.
> and yes, that is real-world production us
* Steven S <[EMAIL PROTECTED]> [2006-03-17 19:10]:
> beginning to think it might be a component of the number of carp interfaces
unlikely.
<[EMAIL PROTECTED]> $ ifconfig | grep '^carp' | wc -l
15
and growing.
and yes, that is real-world production use.
--
BS Web Services, http://www.bsw
On 3/17/06, Steven S <[EMAIL PROTECTED]> wrote:
> Bryan Irvine wrote:
> > I tried before with 2 quad cards to no avail. That was under 3.6
> > though IIRC. 1 or 2 if's would fail over within a couple of hours,
> > but if left to it's own devices, eventually they all would.
> >
> > If you do figur
Bryan Irvine wrote:
> I tried before with 2 quad cards to no avail. That was under 3.6
> though IIRC. 1 or 2 if's would fail over within a couple of hours,
> but if left to it's own devices, eventually they all would.
>
> If you do figure something out lemme know, I'd love to go back to the
> qu
On 3/17/06, Steven S <[EMAIL PROTECTED]> wrote:
> Anderson Nadal wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > Hello.
> >
> > I have the same problem.
> >
> ...
> >
> > Take a look in your date/time, maybe it
Anderson Nadal wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello.
>
> I have the same problem.
>
...
>
> Take a look in your date/time, maybe it's the reason of your strange
> carp issues.
...
I thought of that too. If time changed by a
your date/time, maybe it's the reason of your strange
carp issues.
[]'s
Nadal
Bryan Irvine wrote:
> Thought so. Had the same problem. Never got them working with
> CARP.
>
> There's some threads in the archives, but they probably won't help
> since there is ap
Thought so. Had the same problem. Never got them working with CARP.
There's some threads in the archives, but they probably won't help
since there is apparently no solution.
--Bryan
On 3/15/06, Steven S <[EMAIL PROTECTED]> wrote:
> Bryan Irvine wrote:
> > I don't suppose you are using a quad c
Bryan Irvine wrote:
> I don't suppose you are using a quad card of some kind are you?
>
>
...
Three dual cards, dmesg (extracted from /var/log/messages) below:
OpenBSD 3.8-stable (GENERIC.MP) #0: Thu Jan 5 03:55:53 EST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: I
I don't suppose you are using a quad card of some kind are you?
On 3/15/06, Steven S <[EMAIL PROTECTED]> wrote:
> I have two firewalls (FW1 & FW2) with multiple carp interfaces on an
> external interface (carp1, carp12, carp14, carp15, carp16, carp17, carp18,
> carp19, carp20). FW1 has all carp
I have two firewalls (FW1 & FW2) with multiple carp interfaces on an
external interface (carp1, carp12, carp14, carp15, carp16, carp17, carp18,
carp19, carp20). FW1 has all carp interfaces set with advbase 1 advskew 0
and FW2 has all carp interfaces with advbase 1 advskew 180. Frequently FW2
thin
25 matches
Mail list logo
