Oddities with VLAN/CARP Interfaces on Primary/Failover Setup

Christopher Cowart ccowart at rescomp.berkeley.edu
Fri Oct 17 16:37:20 PDT 2008


Mike Sweetser - Adhost wrote:
> We currently have a primary/failover setup for two FreeBSD 6.3 servers
> running PF, and we're running into odd issues when setting up multiple
> subnets on a single VLAN and CARP interface.  We have issues with them
> coming up properly, and even worse, having both servers believe they are
> master. 

If both instances think they're MASTER, make sure you're allowing the
multicast traffic for syncing state (in ipfw):

| allow carp from $partner to 224.0.0.18 in via $iface

Carp is protocol 112 from /etc/protocols.

> Here's a snippet of one of the VLANs and CARP interfaces in question:
> 
> ifconfig_vlan10="inet 10.142.255.252 netmask 255.255.0.0 vlan 10 vlandev em2"
> ifconfig_vlan10_alias0="inet 10.210.0.2 netmask 255.255.0.0"
> ifconfig_carp10="inet 10.142.255.254 netmask 255.255.0.0 vhid 10 advskew 0 pass testpass"
> ifconfig_carp10_alias0="inet 10.210.0.1 netmask 255.255.0.0"
> 
> The main difference between this and our other VLAN/CARP interfaces is
> that because it's separate subnets, the aliases here are set up with /16
> netmasks, while the regular aliases on the others are set up with /32s.
> Is this correct, or should these also be set as /32s?

It's correct. If you did a /32 on the alias, your system would have no
way of knowing how large the second subnet is. The /32 netmask is for
adding an alias on the same subnet.

I'm not sure carp can work correctly with aliases. Have you tried
creating a separate vhid instance per subnet?

For example:

| ifconfig_vlan10="inet 10.142.255.252 netmask 255.255.0.0 vlan 10 vlandev em2"
| ifconfig_vlan10_alias0="inet 10.210.0.2 netmask 255.255.0.0"
| ifconfig_carp10="inet 10.142.255.254 netmask 255.255.0.0 vhid 10 advskew
|     0 pass testpass"
| ifconfig_carp11="inet 10.210.0.1 netmask 255.255.0.0 vhid 11 advskew
|     0 pass testpass"

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
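
The dual-MASTER condition discussed in this message can be checked for by comparing the carp status lines from both nodes. The script below is an added example, not part of the original post; the function names are hypothetical, and the sample `ifconfig` text is constructed and assumes the `carp: STATE vhid N ...` status line printed by carp(4) on FreeBSD releases of that era.

```shell
#!/bin/sh
# Added example: report CARP vhids that both nodes claim as MASTER.
# NODE_A / NODE_B hold `ifconfig` output saved from each firewall.
# The text below is constructed sample data, not output from the thread.

NODE_A='carp10: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 10.142.255.254 netmask 0xffff0000
        carp: MASTER vhid 10 advbase 1 advskew 0
carp11: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 10.210.0.1 netmask 0xffff0000
        carp: MASTER vhid 11 advbase 1 advskew 0'

NODE_B='carp10: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 10.142.255.254 netmask 0xffff0000
        carp: MASTER vhid 10 advbase 1 advskew 100
carp11: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
        inet 10.210.0.1 netmask 0xffff0000
        carp: BACKUP vhid 11 advbase 1 advskew 100'

# Read ifconfig output on stdin, print "vhid state" per carp status line.
carp_states() {
    awk '$1 == "carp:" {
        for (i = 2; i < NF; i++) if ($i == "vhid") print $(i + 1), $2
    }'
}

# Print every vhid that is MASTER in both captures, one per line.
dual_masters() {
    a=$(printf '%s\n' "$1" | carp_states)
    b=$(printf '%s\n' "$2" | carp_states)
    printf '%s\n' "$a" | while read -r vhid state; do
        [ "$state" = "MASTER" ] || continue
        if printf '%s\n' "$b" | grep -qxF "$vhid MASTER"; then
            echo "$vhid"
        fi
    done
}

for v in $(dual_masters "$NODE_A" "$NODE_B"); do
    echo "vhid $v is MASTER on both nodes;" \
         "check that CARP (protocol 112) to 224.0.0.18 is allowed"
done
```

A vhid reported here means neither node is hearing the other's advertisements for that group, which is the case the ipfw rule above addresses.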