Re: Networking - CARP interfaces

看板FB_stable作者時間14年前 (2011/06/15 02:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串3/6 (看更多)
On 06/14/2011 01:00 PM, Damien Fleuriot wrote: > > I can confirm that this scenario causes problems, see below: > > ### ON FIREWALL 1 , carp master for carp0, carp1, carp2 > carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500 > inet 192.168.224.254 netmask 0xffffff00 > carp: MASTER vhid 224 advbase 1 advskew 50 > > > ### ON FIREWALL 2 , carp backup for carp0, carp1, carp2 > carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500 > inet 192.168.234.254 netmask 0xffffff00 > carp: BACKUP vhid 234 advbase 1 advskew 100 > > > Now, I add a dummy IP to carp2 on FIREWALL 2, which is supposedly backup: > > ifconfig carp2 inet 192.168.234.207 alias > > Result: > > ### ON FIREWALL 1, carp master for carp0, carp1, carp2 > carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500 > inet 192.168.224.254 netmask 0xffffff00 > carp: MASTER vhid 224 advbase 1 advskew 50 > > ### ON FIREWALL 2, carp backup for carp0, carp1, but no longer carp2 > carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500 > inet 192.168.234.254 netmask 0xffffff00 > inet 192.168.234.207 netmask 0xffffff00 > carp: MASTER vhid 234 advbase 1 advskew 100 > > > After I remove the extraneous IP, the interface becomes backup again: > > > # This was a long time ago > carp0: MASTER -> BACKUP (more frequent advertisement received) > carp0: link state changed to DOWN > carp2: MASTER -> BACKUP (more frequent advertisement received) > carp2: link state changed to DOWN > carp1: MASTER -> BACKUP (more frequent advertisement received) > carp1: link state changed to DOWN > carp2: link state changed to DOWN > # This was when I ran my tests > carp2: INIT -> MASTER (preempting) > carp2: link state changed to UP > carp2: MASTER -> BACKUP (more frequent advertisement received) > carp2: link state changed to DOWN Did you give this enough time to reasonably settle? Sometimes when the interfaces initially come up, they will become MASTER for a bit before backing down. > This entails that hosts in a given carp vhid must have the exact same IP > addresses configured on that interface. > > While this is perfectly understandable in a master-backup scenario, this > is a bit more annoying for us in a master-backup + backup-backup > scenario with 2 datacenters. > > I'll just have to adapt and ensure they have the same IP addresses then. I have a suspicion that the important part may be the number of IP addresses on the CARP interface. If CARP sends an advertisement from each IP alias on a CARP interface, then I think that would explain what you are seeing - and also possibly give you a workaround by adding two more bogus IPs on your primary datacenter firewalls (where IPs W and Z are normally missing). - Steve _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
更多 korvus. 的文章
文章代碼(AID): #1Dzw7d89 (FB_stable)
更多 korvus. 的文章
文章代碼(AID): #1Dzw7d89 (FB_stable)