Fwd: pf + pfsync + carp testing ...

Matthew Grooms mgrooms at seton.org
Tue Mar 1 18:08:25 GMT 2005


Thanks Max and Gleb. You have been a great help. The patch applied 
cleanly and compiled fine. After configuring a few carp interfaces, they 
seem to fail over well. I am curious though, is CARP designed to have 
interfaces fail over individually or as a group?

For example ...

box1 & box2

em0 -> carp0 -> External
em1 -> carp1 -> Internal
em2 -> carp2 -> DMZ

If box1 is master for all interfaces and then its em2 goes down, only 
carp2 on box2 becomes master and assumes the service address? Box1 is 
still master for carp0 and carp1. Doesn't this cause problems when 
traffic passes in carp0 ( still master on box1 ) and needs to be 
forwarded out carp2?

Also, when I configure a carp interface on the command line I do 
something like ...

ifconfig carp0 create 192.168.253.1 \
  netmask 255.255.255.0 vhid 1 advskew 1

but when I place the equivalent line in rc.conf as ...

ifconfig_carp0="create 192.168.253.1 \
  netmask 255.255.255.0 vhid 1 advskew 1"

and reboot the box, it does not seem to take. Any suggestions?

Matthew Grooms
Network Engineer
Seton Healthcare Network
mgrooms at seton.org
(512) 324 9913


Max Laier wrote:
> On Monday 28 February 2005 22:54, Matthew Grooms wrote:
> <...>
> 
>>Is the ifconfig change part of the patch located at ...
>>
>>http://people.freebsd.org/~glebius/totest/carp-RELENG_5-patch
>>
>>... as I have not applied it yet. I assumed the pfsync ifconfig changes
>>were already in the RELENG_5 branch. Did I make a poor assumption?
> 
> 
> Okay, looks like this is confusing.  You are not to blame for this, Matthew!
> 
> Here is a walkthrough for testing this:
>  0) Patch is located in your home directory.  You should know what to fill in
>     for <cvs_repo> (anoncvs at ... or /some/path).
>  1) Check out a *clean* RELENG_5
>     $ cd /usr && rm -rf src && cvs -d <cvs_repo> co -rRELENG_5 src
>  2) Apply the patch:
>     $ cd /usr/src && patch -p0 < ~/carp-RELENG_5-patch
>     Note the -p0 to get new files.
>  3) Look for rejects:
>     $ find . -name \*.rej
>  4) Normal {build, install}{world, kernel} dance.
> 
> Hope this helps.
> 


More information about the freebsd-pf mailing list