CARP broken on -CURRENT?
Ian FREISLICH
ianf at clue.co.za
Thu Jul 16 19:04:24 UTC 2009
Xin LI wrote:
> Ian FREISLICH wrote:
> [...]
> > I have noticed that if there are multiple IP addresses on the carp
> > interface and these are configured in a different order on each
> > host, then you can expect messages like the following:
> >
> > Jun 9 23:56:29 firewall2 kernel: carp15: incorrect hash
> > Jun 9 23:56:30 firewall2 kernel: carp15: incorrect hash
> > Jun 9 23:56:31 firewall2 kernel: carp15: incorrect hash
> > Jun 9 23:56:32 firewall2 kernel: carp15: incorrect hash
> >
> > And both hosts will claim MASTER status.
>
> This reminded me... I've set net.inet.carp.log=2 now but except some
> bad CARP packets on the outside (12.xxx.xxx.112/28) network due to VRRP
> router, I didn't see any complaints about incorrect hash. Are you using
> "pass" parameter when setting up CARP?

Yes, I use pass. There are many untrusted hosts on my network.

Taking another look at the manual page, I think that the behaviour
you're seeing is expected. Try setting advbase to the same on all
vhids on both hosts. Use advskew to set a preference for one of
your servers. Use advbase to determine how quickly a failure will
be detected.

     To use carp, the administrator needs to configure at minimum
     a common virtual host ID (VHID) and virtual host IP address
     on each machine which is to take part in the virtual group.
     Additional parameters can also be set on a per-interface basis:
     advbase and advskew, which are used to control how frequently
     the host sends advertisements when it is the master for a
     virtual host, and pass which is used to authenticate carp
     advertisements.

Ian
--
Ian Freislich
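
Added example, not part of the original message and not FreeBSD's code: a simplified model of the "incorrect hash" symptom reported in the thread. It assumes the advertisement digest is an HMAC-SHA1 keyed with pass that covers the vhid and the configured addresses in list order; the byte layout, function names, interface name, addresses and pass value are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress


def carp_digest(passphrase, vhid, addrs, counter, canonical=False):
    """HMAC-SHA1 over vhid, address list and replay counter (modelled layout)."""
    packed = [ipaddress.ip_address(a).packed for a in addrs]
    if canonical:
        # Sorting first makes the digest independent of configuration order.
        packed.sort()
    msg = bytes([vhid]) + b"".join(packed) + counter.to_bytes(8, "big")
    return hmac.new(passphrase.encode(), msg, hashlib.sha1).digest()


def verify_advertisement(passphrase, vhid, local_addrs, counter, received,
                         canonical=False):
    """Receiver side: recompute from the local config, compare in constant time."""
    expected = carp_digest(passphrase, vhid, local_addrs, counter, canonical)
    return hmac.compare_digest(expected, received)


# Constructed sample configuration: same vhid, pass and address set on both
# hosts, but the addresses were added in a different order on each.
IFNAME = "carp15"
VHID = 1
PASS = "example-pass"
FW1_ADDRS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
FW2_ADDRS = ["192.0.2.12", "192.0.2.10", "192.0.2.11"]


def simulate(canonical, receiver_pass=PASS):
    """What firewall2 does with an advertisement sent by firewall1."""
    adv = carp_digest(PASS, VHID, FW1_ADDRS, 1, canonical)
    if verify_advertisement(receiver_pass, VHID, FW2_ADDRS, 1, adv, canonical):
        return "accepted"
    # A rejected advertisement is ignored, so the backup never hears the
    # master and promotes itself: both hosts end up MASTER.
    return "%s: incorrect hash" % IFNAME


if __name__ == "__main__":
    print("list order   :", simulate(canonical=False))
    print("sorted order :", simulate(canonical=True))
    print("wrong pass   :", simulate(canonical=True, receiver_pass="other"))
```

In this model a mismatched pass and a mismatched address order are indistinguishable to the receiver, so when the log line appears both the pass value and the address list on each host are worth comparing.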