CARP interfaces and mastership issue
Brian Seklecki (Mobile)
lavalamp at probikesllc.com
Thu Sep 15 16:39:37 UTC 2011
> Things went smoothly but when we brought the production VLANs up again
> at layer 2 on the switches, when spanning-tree converged we had again a
> double MASTER problem.
In older versions of FBSD, creating logical interfaces like vlan(4) and
carp(4) had a nasty inadvertent side effect of toggling the state of the
underlying physical interface.
This may be fixed in newer versions.
This would then cause STP to reset on the switchport, which can take
up to 50 seconds to restore.
In the meantime, the backup host hasn't heard from the master and assumes
the role of master.
You can try turning on switchport spanning-tree portfast on your backup
system, which should cut down this time significantly.
If you can assure that no STP BPDUs will be announced from your CARP
system, then it's probably safe to run PortFast on a trunk.
The same is true after a reboot.
Maybe hack the RC script to force the CARP interfaces on your backup to
stay down at boot time for an extra 10/15 seconds.
> I understand I could have avoided it by destroying/recreating the CARP
> interfaces, but even in this case there is a split second during which
> both firewalls are CARP MASTER.
> Is there any way to force CARP to assume INIT state for some time when
> coming up, and only after X seconds either become MASTER or BACKUP ?
> Any other idea how to solve this, guys ?