On 4/28/07, Dag Richards <[EMAIL PROTECTED]> wrote:
>
> I have had this problem before where two systems each claim to be
> master on only one of the shared subnets. My problem was one system had
> an alias on the carp iface that the other did not. Do an ifconfig of
> the physical ifaces and the carp iface on each box, so it shows all the
> configured aliases. Your dump is showing some source addrs that do not
> appear in the config you submitted for inspection.
>
> mismatched addresses and netmasks can create the situation I believe you
> are describing.
Yeah, that's what confusing me. Addresses, broadcast and netmasks
all seems to be correct. Still scratching my head trying to work out what's
wrong.
On host A...
# ifconfig -A
lo0: flags=8149<UP,LOOPBACK,RUNNING,PROMISC,MULTICAST> mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:04:23:c0:da:dc
description: World core switch uplink 1
media: Ethernet 100baseTX full-duplex
status: active
inet 192.168.108.4 netmask 0xffffff00 broadcast 192.168.108.255
inet6 fe80::204:23ff:fec0:dadc%em0 prefixlen 64 scopeid 0x1
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:04:23:c0:da:dd
description: PST Planets/Seasons/etc
media: Ethernet 100baseTX full-duplex
status: active
inet 10.108.192.4 netmask 0xffffc000 broadcast 10.108.192.255
inet6 fe80::204:23ff:fec0:dadd%em1 prefixlen 64 scopeid 0x2
em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:04:23:d0:46:86
description: Techdev Admin Desktops
media: Ethernet 100baseTX full-duplex
status: active
inet 10.108.130.4 netmask 0xffffff00 broadcast 10.108.130.255
inet6 fe80::204:23ff:fed0:4686%em2 prefixlen 64 scopeid 0x3
em3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:04:23:d0:46:87
description: DRIVES Dev Servers
media: Ethernet 100baseTX full-duplex
status: active
inet 10.108.128.4 netmask 0xffffff00 broadcast 10.0.0.255
inet6 fe80::204:23ff:fed0:4687%em3 prefixlen 64 scopeid 0x4
em4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:08:74:2a:4e:15
description: crossover carp/pfsync to angelbot5
media: Ethernet 100baseTX full-duplex
status: active
inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::208:74ff:fe2a:4e15%em4 prefixlen 64 scopeid 0x5
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=41<UP,RUNNING> mtu 1460
pfsync: syncdev: em4 syncpeer: 192.168.1.5 maxupd: 128
groups: carp
enc0: flags=0<> mtu 1536
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:04
carp: MASTER carpdev em0 vhid 4 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:104%carp0 prefixlen 64 scopeid 0xa
inet 192.168.108.2 netmask 0xffffff00 broadcast 192.168.108.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:01
carp: MASTER carpdev em1 vhid 1 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0xb
inet 10.108.192.1 netmask 0xffffc000 broadcast 10.108.192.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:02
carp: MASTER carpdev em2 vhid 2 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:102%carp2 prefixlen 64 scopeid 0xc
inet 10.108.130.1 netmask 0xffffff00 broadcast 10.108.130.255
carp3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:03
carp: MASTER carpdev em3 vhid 3 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:103%carp3 prefixlen 64 scopeid 0xd
inet 10.108.128.1 netmask 0xffffff00 broadcast 10.108.128.255
On host B...
# ifconfig -A
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:04:23:c1:fe:4a
description: World core switch uplink
media: Ethernet 100baseTX full-duplex
status: active
inet 192.168.108.5 netmask 0xffffff00 broadcast 192.168.108.255
inet6 fe80::204:23ff:fec1:fe4a%em0 prefixlen 64 scopeid 0x1
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:04:23:c1:fe:4b
description: PST Planets/Seasons/etc.
media: Ethernet 100baseTX full-duplex
status: active
inet 10.108.192.5 netmask 0xffffc000 broadcast 10.108.192.255
inet6 fe80::204:23ff:fec1:fe4b%em1 prefixlen 64 scopeid 0x2
em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:04:23:c1:f5:58
description: Techdev Admin Desktops
media: Ethernet 100baseTX full-duplex
status: active
inet 10.108.130.5 netmask 0xffffff00 broadcast 10.108.130.255
inet6 fe80::204:23ff:fec1:f558%em2 prefixlen 64 scopeid 0x3
em3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:04:23:c1:f5:59
description: DRIVES Dev Servers
media: Ethernet 100baseTX full-duplex
status: active
inet 10.108.128.5 netmask 0xffffff00 broadcast 10.0.0.255
inet6 fe80::204:23ff:fec1:f559%em3 prefixlen 64 scopeid 0x4
em4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:08:74:2a:6e:65
description: crossover for carp/pfsync to angelbot4
media: Ethernet 100baseTX full-duplex
status: active
inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::208:74ff:fe2a:6e65%em4 prefixlen 64 scopeid 0x5
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=41<UP,RUNNING> mtu 1460
pfsync: syncdev: em4 syncpeer: 192.168.1.4 maxupd: 128
groups: carp
enc0: flags=0<> mtu 1536
carp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:04
carp: INIT carpdev em0 vhid 4 advbase 1 advskew 100
groups: carp
inet6 fe80::200:5eff:fe00:104%carp0 prefixlen 64 scopeid 0xa
inet 192.168.108.2 netmask 0xffffff00 broadcast 192.168.108.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:01
carp: BACKUP carpdev em1 vhid 1 advbase 1 advskew 100
groups: carp
inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0xb
inet 10.108.192.1 netmask 0xffffc000 broadcast 10.108.192.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:02
carp: BACKUP carpdev em2 vhid 2 advbase 1 advskew 100
groups: carp
inet6 fe80::200:5eff:fe00:102%carp2 prefixlen 64 scopeid 0xc
inet 10.108.130.1 netmask 0xffffff00 broadcast 10.108.130.255
carp3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:03
carp: BACKUP carpdev em3 vhid 3 advbase 1 advskew 100
groups: carp
inet6 fe80::200:5eff:fe00:103%carp3 prefixlen 64 scopeid 0xd
inet 10.108.128.1 netmask 0xffffff00 broadcast 10.108.128.255
Dummy Dummy wrote:
> > Hi OpenBSDers!
> >
> > We have two 4.0 box that we are planning to use as a HA firewall.
> > While setting it up, we encounter a problem where the interface
> > doesn't know how to go into a backup state and stayed as master.
> >
> > Both boxes have the same hardware, connected to the same subnet.
> > When doing a tcpdump on the physical interface, both boxes can
> > see the carp advertisements but they don't seem to be responding to it.
> >
> > There are four other interfaces on the same box, and they're all
> > behaving as expected (ie. when one's master, one'll be backup and
> > vice versa). We've ran out of ideas on why this is and need some
> > expert opinion. Have anyone seen this before?
> >
> > Thanks in advance...
> >
> > Here is the configuration of the box A:
> > # ifconfig em0
> > em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> > lladdr 00:04:23:c1:fe:4a
> > description: World core switch uplink
> > media: Ethernet 100baseTX full-duplex
> > status: active
> > inet 192.168.108.5 netmask 0xffffff00 broadcast 192.168.108.255
> > inet6 fe80::204:23ff:fec1:fe4a%em0 prefixlen 64 scopeid 0x1
> > # ifconfig carp0
> > carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > lladdr 00:00:5e:00:01:04
> > carp: MASTER carpdev em0 vhid 4 advbase 1 advskew 100
> > groups: carp
> > inet6 fe80::200:5eff:fe00:104%carp0 prefixlen 64 scopeid 0xa
> > inet 192.168.108.2 netmask 0xffffff00 broadcast 192.168.108.255
> > # tcpdump -nvvv -r /tmp/em0.5.tr proto carp
> > 15:16:46.006407 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) (ttl 255, id 9319, len 56)
> > 15:16:47.088866 carp 192.168.108.6 > 224.0.0.18: CARPv2-advertise 20:
> > vhid=80 advbase=3 advskew=150 demote=0 [tos 0xc0] (ttl 255, id 60466,
> len
> > 40)
> > 15:16:47.216383 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) (ttl 255, id 17369, len 56)
> > 15:16:48.426361 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) (ttl 255, id 20131, len 56)
> > 15:16:48.784260 carp 192.168.108.5 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=100 demote=0 (DF) [tos 0x10] (ttl 255, id 56385, len
> 56)
> > 15:16:49.636337 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) (ttl 255, id 6185, len 56)
> > 15:16:50.091449 carp 192.168.108.6 > 224.0.0.18: CARPv2-advertise 20:
> > vhid=80 advbase=3 advskew=150 demote=0 [tos 0xc0] (ttl 255, id 38698,
> len
> > 40)
> > 15:16:50.194262 carp 192.168.108.5 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=100 demote=0 (DF) [tos 0x10] (ttl 255, id 34793, len
> 56)
> > 15:16:50.846313 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) (ttl 255, id 31704, len 56)
> > 15:16:51.604272 carp 192.168.108.5 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=100 demote=0 (DF) [tos 0x10] (ttl 255, id 62842, len
> 56)
> > 15:16:52.056289 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) (ttl 255, id 2899, len 56)
> > 15:16:53.014276 carp 192.168.108.5 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=100 demote=0 (DF) [tos 0x10] (ttl 255, id 50211, len
> 56)
> > 15:16:53.092038 carp 192.168.108.6 > 224.0.0.18: CARPv2-advertise 20:
> > vhid=80 advbase=3 advskew=150 demote=0 [tos 0xc0] (ttl 255, id 59937,
> len
> > 40)
> > 15:16:53.274872 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) [tos 0x10] (ttl 255, id 848, len 56)
> > # netstat -sp carp
> > carp:
> > 232749 packets received (IPv4)
> > 0 packets received (IPv6)
> > 0 packets discarded for bad interface
> > 0 packets discarded for wrong TTL
> > 0 packets shorter than header
> > 0 discarded for bad checksums
> > 0 discarded packets with a bad version
> > 0 discarded because packet too short
> > 0 discarded for bad authentication
> > 0 discarded for bad vhid
> > 0 discarded because of a bad address list
> > 54530 packets sent (IPv4)
> > 0 packets sent (IPv6)
> > 0 send failed due to mbuf memory error
> > # netstat -rn | head
> > Routing tables
> >
> > Internet:
> > Destination Gateway Flags Refs Use Mtu
> > Interface
> > default 192.168.108.33 UGS 2 15250 -
> em0
> >
> > Here is the configuration of the box B:
> > # ifconfig em0
> > em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> > lladdr 00:04:23:c0:da:dc
> > description: World core switch uplink 1
> > media: Ethernet 100baseTX full-duplex
> > status: active
> > inet 192.168.108.4 netmask 0xffffff00 broadcast 192.168.108.255
> > inet6 fe80::204:23ff:fec0:dadc%em0 prefixlen 64 scopeid 0x1
> > # ifconfig carp0
> > carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > lladdr 00:00:5e:00:01:04
> > carp: MASTER carpdev em0 vhid 4 advbase 1 advskew 0
> > groups: carp
> > inet6 fe80::200:5eff:fe00:104%carp0 prefixlen 64 scopeid 0xa
> > inet 192.168.108.2 netmask 0xffffff00 broadcast 192.168.108.255
> > # tcpdump -nvvv -r /tmp/em0.4.tr proto carp
> > 15:16:46.005230 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) [tos 0x10] (ttl 255, id 9319, len 56)
> > 15:16:47.087852 carp 192.168.108.6 > 224.0.0.18: CARPv2-advertise 20:
> > vhid=80 advbase=3 advskew=150 demote=0 [tos 0xc0] (ttl 255, id 60466,
> len
> > 40)
> > 15:16:47.215213 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) [tos 0x10] (ttl 255, id 17369, len
> 56)
> > 15:16:48.425204 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) [tos 0x10] (ttl 255, id 20131, len
> 56)
> > 15:16:48.808075 carp 192.168.108.5 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=100 demote=0 (DF) [tos 0x10] (ttl 255, id 56385, len
> 56)
> > 15:16:49.635203 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) [tos 0x10] (ttl 255, id 6185, len 56)
> > 15:16:50.090435 carp 192.168.108.6 > 224.0.0.18: CARPv2-advertise 20:
> > vhid=80 advbase=3 advskew=150 demote=0 [tos 0xc0] (ttl 255, id 38698,
> len
> > 40)
> > 15:16:50.193372 carp 192.168.108.5 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=100 demote=0 (DF) (ttl 255, id 34793, len 56)
> > 15:16:50.845209 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) [tos 0x10] (ttl 255, id 31704, len
> 56)
> > 15:16:51.603406 carp 192.168.108.5 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=100 demote=0 (DF) (ttl 255, id 62842, len 56)
> > 15:16:52.055195 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) [tos 0x10] (ttl 255, id 2899, len 56)
> > 15:16:53.013314 carp 192.168.108.5 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=100 demote=0 (DF) (ttl 255, id 50211, len 56)
> > 15:16:53.091019 carp 192.168.108.6 > 224.0.0.18: CARPv2-advertise 20:
> > vhid=80 advbase=3 advskew=150 demote=0 [tos 0xc0] (ttl 255, id 59937,
> len
> > 40)
> > 15:16:53.265194 carp 192.168.108.4 > 224.0.0.18: CARPv2-advertise 36:
> vhid=4
> > advbase=1 advskew=50 demote=0 (DF) [tos 0x10] (ttl 255, id 848, len 56)
> > # netstat -sp carp
> > carp:
> > 11008 packets received (IPv4)
> > 0 packets received (IPv6)
> > 0 packets discarded for bad interface
> > 0 packets discarded for wrong TTL
> > 0 packets shorter than header
> > 0 discarded for bad checksums
> > 0 discarded packets with a bad version
> > 0 discarded because packet too short
> > 0 discarded for bad authentication
> > 0 discarded for bad vhid
> > 0 discarded because of a bad address list
> > 5437068 packets sent (IPv4)
> > 0 packets sent (IPv6)
> > 0 send failed due to mbuf memory error
> > # netstat -rn | head
> > Routing tables
> >
> > Internet:
> > Destination Gateway Flags Refs Use Mtu
> > Interface
> > default 192.168.108.33 UGS 3 38520537 -
> em0
