CARP forcing failover

Markus Gebert markus.gebert at hostpoint.ch
Wed Mar 1 10:33:41 UTC 2017 

> On 1 Mar 2017, at 01:58, Aristedes Maniatis <ari at ish.com.au> wrote:
> 
> I have a pair network gateway boxes running FreeBSD 11 and pf. Upstream runs VRRP to provide redundant links, one to each gateway. Internally I'm using CARP for failover.
> 
> All works well, but I find that manually failing over the link is a bit complicated. In short I have this:
> 
> em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	media: Ethernet autoselect (100baseTX <full-duplex>)
> 	status: active
> 	carp: BACKUP vhid 1 advbase 1 advskew 50
> igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	media: Ethernet autoselect (1000baseT <full-duplex>)
> 	status: active
> 	carp: BACKUP vhid 2 advbase 1 advskew 50
> igb0.2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	status: active
> 	vlan: 2 vlanpcp: 0 parent interface: igb0
> 	carp: BACKUP vhid 3 advbase 1 advskew 50
> 	groups: vlan
> 
> That's two internal vlans and one external network. Each interface has its own vhid since that's the advice I had in the past.
> 
> Now, what command can I type that I could run remotely (SSH over the em0 link) to force all the CARP addresses simultaneously to decrease the advskew and become MASTER. Alternatively I could run something on the MASTER to make it BACKUP. Everything I've done so far is one command per interface which has got me in trouble before as I manage to accidentally remove my own access to the box before I'm done.

You may look into this sysctl:

# sysctl -d net.inet.carp.demotion
net.inet.carp.demotion: Adjust demotion factor (skew of advskew)

Its value gets changed automatically if some event occurs (look into net.inet.carp.ifdown_demotion_factor, net.inet.carp.senderr_demotion_factor, net.pfsync.carp_demotion_factor), but you may also control it manually. A positive value value will increase the advskew of _all_ CARP announcements (on the wire, not visible with ifconfig IIRC) and therefore reduce the priority of the node. A negative value will of course do the opposite. Like this you can raise/lower the advskew above/below the other node and trigger a failover. net.inet.carp.preempt must be 1 on both nodes for this to have an immediate effect.

Beware that net.inet.carp.demotion expects _relative_ values when altered through the sysctl interface. So 'sysctl net.inet.carp.demotion=100' will increase its current value by 100 and 'sysctl net.inet.carp.demotion=-100' will decrease its current value by 100.


Markus

More information about the freebsd-stable mailing list