carp(4) on FreeBSD 8.2

Matt Mullins mokomull at
Wed Dec 14 19:47:01 UTC 2011

I've used carp very successfully in the past, both in the standard
mode and ARP load-balancing mode, to build fail-over sets of
firewalls.  It worked well enough that one of our firewalls was down
for a week before we noticed (and none of our clients did).  I just
did a mock-up of your scenario on a system at home (using the GENERIC
kernel), and it seemed to work for me.

I see you have a managed switch; you might see if some features like
port security are disabled for that port.

> What is even more strange, tcpdump on le0 does not even see ICMP echo
> requests addressed to

That is strange.  You might try "tcpdump -nevvv -i <interface> host" on the sending system and see if it's even sending the
packets at all.

If there's a remote chance that something else is using carp or VRRP
on that network, you might try using a different VHID.

Hope I can help,
Matt Mullins

More information about the freebsd-questions mailing list