From analysis of a simple ifstated.conf to more compex example
Damien Fleuriot
ml at my.gd
Tue Feb 21 10:54:05 UTC 2012
Yes, I do mean you can have several IPs on a single CARP interface, see
the example below:
carp17: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 46.182.41.72 netmask 0xffffffff
inet 46.182.41.76 netmask 0xffffffff
inet 46.182.41.77 netmask 0xffffffff
inet 46.182.41.78 netmask 0xffffffff
inet 46.182.41.79 netmask 0xffffffff
inet 46.182.41.80 netmask 0xffffffff
inet 46.182.41.81 netmask 0xffffffff
inet 46.182.41.82 netmask 0xffffffff
inet 46.182.41.83 netmask 0xffffffff
carp: MASTER vhid 117 advbase 1 advskew 100
See the rc.conf bit where I set the IPs:
# WAN CARP
ipv4_addrs_carp17="46.182.41.72/32 46.182.41.76/32 46.182.41.77/32
46.182.41.78/32 46.182.41.79/32 46.182.41.80/32 46.182.41.81/32
46.182.41.82/32 46.182.41.83/32"
ifconfig_carp17="vhid 117 pass [removed] advskew 100"
Regarding dedicating a given IP to a given service, you are supposed to
do that in the service's configuration, when telling it which IP address
to bind to.
You can also use pf or ipfw to filter the services allowed on a given IP.
On 2/21/12 11:48 AM, peter knezel wrote:
> Do ypu mean that only carp0 is defined on both servers and it has
> three different IPs?
> How is it possible to define them so they are set for ftp, tftp and
> scp separately for the defined IPs?
>
> Kind regards,
>
> Peter
>
> On 21/02/2012, Damien Fleuriot <ml at my.gd> wrote:
>> To be honest, I'm not sure it's a good idea to use different *interfaces*.
>>
>> Why don't you set multiple IPs on a single carp interface instead ?
>>
>> On 21 Feb 2012, at 08:29, peter knezel <peter.knezel at gmail.com> wrote:
>>
>>> Hello Damien,
>>>
>>> preemption is set on both systems, so when master server goes down or
>>> any CARP interface on master
>>> goes down, slave becomes master (but only on the CARP interface if
>>> only that went down).
>>>
>>> Can you have a look at my previous question??:
>>> if the different carp interfaces
>>> are used for different purpose (ftp, tftp, scp), is it a good idea to
>>> put down all of them, if they are able to serve their purpose?
>>>
>>>
>>> Thanks and kind regards,
>>>
>>> Peter
>>>
>>> On 16/02/2012, Damien Fleuriot <ml at my.gd> wrote:
>>>> Preemption is used to ensure that, if a CARP interface goes down on host
>>>> A, host B will then assume mastership for all interfaces.
>>>>
>>>> It prevents the nasty situation where you'd have, for example:
>>>>
>>>> Public IP: master on host A
>>>> Private IP: master on host B
>>>>
>>>> servers behind firewalls hosts A and B:
>>>> - traffic arrives on host A which creates a PF state
>>>> - servers reply via their default gateway, the CARP IP now master on host
>>>> B
>>>>
>>>> Host B doesn't have a state for the traffic, drops it.
>>>>
>>>>
>>>> To enable preemption you need to run sysctl net.inet.carp.preempt=1 and
>>>> add the corresponding line to your sysctls file in etc.
>>>>
>>>>
>>>> On 2/15/12 7:04 PM, peter knezel wrote:
>>>>> Well,
>>>>>
>>>>> I am not fully familiar with CARP, but if the different carp interfaces
>>>>> are used for different purpose (ftp, tftp, scp), is it a good idea to
>>>>> put down all of them, if they are able to serve their purpose?
>>>>>
>>>>> BTW, what is CARP preemption and how is it possible to enable it?
>>>>>
>>>>> Kind regards,
>>>>>
>>>>> Peter
>>>>>
>>>>> On 15 February 2012 18:25, Damien Fleuriot <ml at my.gd <mailto:ml at my.gd>>
>>>>> wrote:
>>>>>
>>>>> Sorry about the late reply, didn't see yours.
>>>>>
>>>>> What about enabling CARP preemption to ensure that when a carp
>>>>> interface
>>>>> goes down, the whole set does ?
>>>>>
>>>>>
>>>>> On 2/7/12 9:13 PM, peter knezel wrote:
>>>>>> Hello Damien,
>>>>>>
>>>>>> I did read your example but cannot get idea from it.
>>>>>> For three interfaces you have much more possibilities.
>>>>>>
>>>>>> Imagine you start the server from uuu state which is equal to
>>>>>> net = '( "ifconfig -a -u |grep carp0 > /dev/null" every 3 &&
>>>>> "ifconfig -a -u
>>>>>> |grep carp1 > /dev/null" every 3 && "ifconfig -a -u |grep carp2 >
>>>>> /dev/null"
>>>>>> every 3)'
>>>>>>
>>>>>> Now you put down one carp interface - so system is in state :
>>>>>> *state one:*
>>>>>> (duu) || (udu) || (uud) <----which is same as !$net
>>>>>> run script1.sh
>>>>>> go to twoff
>>>>>>
>>>>>> now imagine, you put down any other carp interface:
>>>>>> *state twoff: *
>>>>>> (dud) || (ddu) || (udd)
>>>>>> run script2.sh
>>>>>> go to two
>>>>>>
>>>>>> *state two: *
>>>>>> put all interfaces up
>>>>>> run script3.sh
>>>>>> go to state one
>>>>>>
>>>>>> it means, this is one of the possibilities system can behave (this
>>>>>> situation does not describe all possible states - I have taken this
>>>>>> special example.)
>>>>>>
>>>>>> Now if you want to put up after putting down one carp interface, you
>>>>>> fail since it is in state twoff.
>>>>>> Only of you put down second carp interface it goes to state two and
>>>>> if
>>>>>> you put both up, it will go to state one.
>>>>>>
>>>>>> This is where my ifstated.conf fails to work.
>>>>>>
>>>>>> Kind regards,
>>>>>>
>>>>>> Peter Knezel
>>>>>>
>>>>>>
>>>>>> On 7 February 2012 17:02, Damien Fleuriot <ml at my.gd
>>>>> <mailto:ml at my.gd> <mailto:ml at my.gd <mailto:ml at my.gd>>>
>>>>>> wrote:
>>>>>>
>>>>>> On 2/7/12 3:36 PM, peter knezel wrote:
>>>>>>> Hello all,
>>>>>>>
>>>>>>> I would like to ask somebody to explain me how the ifstated
>>>>> works
>>>>>> according to
>>>>>>> the following configuration file.
>>>>>>> I have three virtual carp interfaces carp0,carp1 and carp2.
>>>>>>>
>>>>>>> I try to understand the following setting:
>>>>>>> The server is in state one (all carp interfaces are up) and
>>>>> if there
>>>>>>> is carp down of any:
>>>>>>> one (carp0 or carp1 or carp2),
>>>>>>> two ([carp0 and carp1] or [carp0 and carp2] or [carp1 and
>>>>> carp2]),
>>>>>>> three interfaces (carp 0 and carp1 and carp2), server
>>>>>>> runs the script testdown.sh and put the server into state two.
>>>>>>> If all carp interfaces are up, the server runs the testup.sh
>>>>> and set
>>>>>>> the state to one.
>>>>>>>
>>>>>>
>>>>>> That is my understanding.
>>>>>>
>>>>>>
>>>>>>> Is it the way the system works?
>>>>>>> Or am I wrong?
>>>>>>>
>>>>>>> ===
>>>>>>> init-state one
>>>>>>>
>>>>>>> net = '( "ifconfig -a -u |grep carp0 > /dev/null" every 3 &&
>>>>>> "ifconfig -a -u
>>>>>>> |grep carp1 > /dev/null" every 3 && "ifconfig -a -u |grep
>>>>> carp2 >
>>>>>> /dev/null"
>>>>>>> every 3)'
>>>>>>>
>>>>>>> state one {
>>>>>>> if ( ! $net ) {
>>>>>>> run "/usr/local/testdown.sh"
>>>>>>> set-state two
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> state two {
>>>>>>> if ( $net ) {
>>>>>>> run "/usr/local/testup.sh"
>>>>>>> set-state one
>>>>>>> }
>>>>>>> }
>>>>>>> ===
>>>>>>>
>>>>>>> Is there any possibility to define and set ifstated.conf that
>>>>>> reacts when:
>>>>>>>
>>>>>>> any one of the carp interfaces is down - followed by
>>>>> another any
>>>>>>> other carp interface down
>>>>>>>
>>>>>>>
>>>>>>> I tried to define states:
>>>>>>>
>>>>>>> duu ="!carp0.link.up && carp1.link.up && carp2.link.up"
>>>>>>> udu ="carp0.link.up && !carp1.link.up && carp2.link.up"
>>>>>>> uud ="carp0.link.up && carp1.link.up && !carp2.link.up"
>>>>>>> ddu ="!carp0.link.up && !carp1.link.up"
>>>>>>> dud ="!carp0.link.up && !carp2.link.up"
>>>>>>> udd ="!carp1.link.up && !carp2.link.up"
>>>>>>>
>>>>>>> and used them but somehow I cannot incorporate all state
>>>>> changes and
>>>>>>> include it in ifstated.conf.
>>>>>>>
>>>>>>
>>>>>>
>>>>>> Works fine here, did you not have any luck with the file I
>>>>> posted
>>>>>> earlier ?
>>>>>> _______________________________________________
>>>>>> freebsd-questions at freebsd.org
>>>>> <mailto:freebsd-questions at freebsd.org>
>>>>> <mailto:freebsd-questions at freebsd.org
>>>>> <mailto:freebsd-questions at freebsd.org>>
>>>>>> mailing list
>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>>>> To unsubscribe, send any mail to
>>>>>> "freebsd-questions-unsubscribe at freebsd.org
>>>>> <mailto:freebsd-questions-unsubscribe at freebsd.org>
>>>>>> <mailto:freebsd-questions-unsubscribe at freebsd.org
>>>>> <mailto:freebsd-questions-unsubscribe at freebsd.org>>"
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>
More information about the freebsd-questions
mailing list