system locks up with vr driver on alix board

Ask Bjørn Hansen ask at develooper.com
Wed Aug 17 00:15:09 UTC 2011 

On Aug 16, 2011, at 11:15, Mike Tancsa wrote:

>> An hour or two after the log stopped showing; the system stopped routing packets, but frustratingly kept sending CARP messages out so the secondary firewall didn't pick up the IP addresses to take over.
>> 
>> Any ideas?
> 
> Not sure if CARP has something to do with it as I have quite a few
> RELENG_8 boxes out there running on Alix boxes (2 and 3 port as well as
> Soekris 5501s).

Yeah, there must be thousands!

> But I think the 7.4 and 8.2 drivers for vr are essentially the same. That being said, there are some updates in RELENG_8 to the driver. Not sure if that makes any difference to your issue.
> 
> http://svnweb.freebsd.org/base?view=revision&revision=223681

Yeah - none of that looks relevant.  Indeed I'm not even sure that it has anything to do with the vr driver -- that's just the only potential symptom that I could find.  I've stripped down those boxes so they really don't do anything more than routing (from vr interfaces) and firewall (with pf).  The only daemons running (other than getty and sshd) are ntpd and radvd.

One of them just imploded in this way again (and it's a new board, so I'm pretty sure it's not a hardware problem).  I now disabled OpenVPN (it was idle already), an unnecessary VLAN and made the configuration as simple as it can be and still work -- I am including it in full (with un-obfuscated IP addresses to make sure I don't hide any potential problem).

Some years ago I recall trouble running carp on vlan interfaces.  Is it possible that's back in some way?


 - ask

-- 
http://develooper.com/ - http://askask.com/


sshd_enable="YES"
ntpd_enable="YES"
ntpd_flags="-p /var/run/ntpd.pid -f /etc/ntp/ntpd.drift -g"

hostname="gw-b.dev"
ipv6_enable="YES"
radvd_enable="YES"

ifconfig_vr0="inet 207.171.2.196/29"
ipv6_ifconfig_vr0="2607:F238:0:11::4/125"
ifconfig_vr1="inet 207.171.7.3/24"
ipv6_ifconfig_vr1="2607:f238:3::3/64"

ifconfig_vr2="up"
ifconfig_lo0_alias1="inet 127.0.0.3"

ifconfig_vlan1="inet 10.77.73.2/29  vlan 103 vlandev vr2"
ifconfig_vlan2="inet 10.0.100.3/24  vlan 102 vlandev vr2"

ifconfig_carp0="vhid 110 advskew 120 pass aherjkhfare 207.171.2.194/29"
ifconfig_carp1="vhid 111 advskew 120 pass j798gyuhjks 207.171.7.1/24"
ifconfig_carp2="vhid 112 advskew 120 pass 5783jkdfssd 10.0.100.1/24"
ifconfig_carp4="vhid 114 advskew 120 pass ketrjhstres 10.0.100.254/24"

ipv6_ifconfig_carp0="2607:F238:0:11::2/125"
ipv6_ifconfig_carp1="2607:F238:3::1/64"

defaultrouter="207.171.2.193"
ipv6_defaultrouter="2607:F238:0:11::1"

pfsync_enable="YES"
pfsync_syncdev="vlan1"

cloned_interfaces="vlan1 vlan2 vlan3 carp0 carp1 carp2 carp3 carp4 carp60 carp61 carp63"

gateway_enable="YES"
ipv6_gateway_enable="YES"

pf_enable="YES"
pflog_enable="NO"

More information about the freebsd-net mailing list