Using CARP with multiple IP aliases (FBSD 10.0)

Freddie Cash fjwcash at gmail.com
Thu Sep 11 17:05:16 UTC 2014 

On Thu, Sep 11, 2014 at 9:34 AM, Steven Hartland <killing at multiplay.co.uk>
wrote:

> I can't say I've used it in that way and I'm not sure how carp decides how
> to fail over when it has multiple IP's available.
>

​I'm hoping, and my testing appears to corroborate, that it fails based on
the interface state, and all IPs transfer over at once (CARP systctl set to
fail everything at once if any one interface state changes).​


> I can confirm you don't need all the params when adding an IP to vhid.
> so you can for example configure the vhid and then add the IP's or do
> as you have done and configure it on the first IP.
>

​That's good to hear.  Will simplify things a bit.​


> Best thing to do is try it and see.
>

​That's scheduled for tomorrow morning.  :)  I'll try it first with only
setting pass/advskew on the vhid once, and just adding the alias IPs to the
vhid.  If that doesn't fix things, then I'll try with a separate vhid per
IP.


The reason I was asking about this is that I have a pair of systems in
place now (sys1 and sys2, with sys1 configured with advskew 1 to make it
always master) where everything works wonderfully for between 5 and 15
minutes.

If I down an interface on sys1, or physically remove a cable from sys1,
everything fails over to sys2 and traffic continues normally.​

​  If I bring the interface back up on sys1, then everything fails back
over to sys1 and traffic continues.

After 5-15 minutes, though, igb0 on both boxes switches to master state.
 :(  igb1, igb2, and igb3 on sys2 all stay in backup state.  And then
traffic slows to a crawl as the upstream switch gets confused and sends
packets​ randomly between the two hosts.

Manually changing state to backup on igb0 on sys2 fixes things for about 3
seconds, and then it switches back to master.

Once this happens, tcpdump on both systems only shows VRRPv2 packets from
sys1, nothing from sys2.​  I have to reboot sys2 in order to get things
working again.

As I said, this is the first time I've used CARP with multiple shared IPs
on an interface (NAT firewall), so I may be doing things "wrong" or
non-optimally.  :)


-- 
Freddie Cash
fjwcash at gmail.com

More information about the freebsd-stable mailing list