IP addresses have been changed to protect the guilty. The "wrong VHID"
packets have a simple explanation: There are two other machines on this
net with their own CARP interfaces. No idea what the short packets are
about.
Master:
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff000000
sis0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c8:45:48
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 2.1.7.3 netmask 0xffffffe0 broadcast
sis1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c8:45:49
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 1.3.3.7 netmask 0xffffffc0 broadcast
sis2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c8:45:4a
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.40.28.13 netmask 0xffffff00 broadcast 10.40.28.255
sis3: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:98:6c
media: Ethernet autoselect (none)
status: no carrier
sis4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:98:6d
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 172.16.1.3 netmask 0xffffff00 broadcast 172.16.1.255
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 1460
pfsync: syncdev: sis4 syncpeer: 224.0.0.240 maxupd: 128
enc0: flags=0<> mtu 1536
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: MASTER carpdev sis0 vhid 1 advbase 1 advskew 0
groups: carp
inet 6.2.8.8 netmask 0xfffffff8 broadcast
carp3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: MASTER carpdev sis1 vhid 3 advbase 1 advskew 0
groups: carp
inet 1.3.7.8 netmask 0xffffffc0 broadcast
carp4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: MASTER carpdev sis2 vhid 4 advbase 1 advskew 0
groups: carp
inet 10.40.28.1 netmask 0xffffff00 broadcast 10.40.28.255
# netstat -s -p carp
carp:
11770017 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for bad interface
0 packets discarded for wrong TTL
0 packets shorter than header
0 discarded for bad checksums
0 discarded packets with a bad version
3956879 discarded because packet too short
0 discarded for bad authentication
7803201 discarded for bad vhid
0 discarded because of a bad address list
4263104 packets sent (IPv4)
0 packets sent (IPv6)
0 send failed due to mbuf memory error
# netstat -s -p pfsync
pfsync:
8396009 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for bad interface
0 packets discarded for bad ttl
0 packets shorter than header
0 packets discarded for bad version
0 packets discarded for bad HMAC
0 packets discarded for bad action
0 packets discarded for short packet
0 states discarded for bad values
0 stale states
6148732 failed state lookup/inserts
22453726 packets sent (IPv4)
0 packets sent (IPv6)
0 send failed due to mbuf memory error
0 send error
On the backup:
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff000000
sis0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c6:a8:fc
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 2.1.7.5 netmask 0xffffffe0 broadcast
sis1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c6:a8:fd
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 1.3.3.6 netmask 0xffffffc0 broadcast
sis2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c6:a8:fe
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.40.28.12 netmask 0xffffff00 broadcast 10.40.28.255
sis3: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c6:2e:74
media: Ethernet autoselect (none)
status: no carrier
sis4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c6:2e:75
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 172.16.1.2 netmask 0xffffff00 broadcast 172.16.1.255
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 1460
pfsync: syncdev: sis4 syncpeer: 224.0.0.240 maxupd: 128
enc0: flags=0<> mtu 1536
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: BACKUP carpdev sis0 vhid 1 advbase 1 advskew 230
groups: carp egress
inet 6.2.8.8 netmask 0xfffffff8 broadcast
carp3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: BACKUP carpdev sis1 vhid 3 advbase 1 advskew 230
groups: carp
inet 1.3.7.8 netmask 0xffffffc0 broadcast
carp4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: BACKUP carpdev sis2 vhid 4 advbase 1 advskew 230
groups: carp
inet 10.40.28.1 netmask 0xffffff00 broadcast 10.40.28.255
# netstat -s -p carp
carp:
16025115 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for bad interface
0 packets discarded for wrong TTL
0 packets shorter than header
0 discarded for bad checksums
0 discarded packets with a bad version
3957383 discarded because packet too short
0 discarded for bad authentication
7805754 discarded for bad vhid
0 discarded because of a bad address list
10029 packets sent (IPv4)
0 packets sent (IPv6)
0 send failed due to mbuf memory error
# netstat -s -p pfsync
pfsync:
22453363 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for bad interface
0 packets discarded for bad ttl
0 packets shorter than header
0 packets discarded for bad version
0 packets discarded for bad HMAC
0 packets discarded for bad action
0 packets discarded for short packet
0 states discarded for bad values
0 stale states
10017225 failed state lookup/inserts
8397043 packets sent (IPv4)
0 packets sent (IPv6)
0 send failed due to mbuf memory error
0 send error
Thanks,
Jose.
Bryan Irvine wrote:
On Mon, Sep 22, 2008 at 8:30 AM, Jose Quinteiro <[EMAIL PROTECTED]> wrote:
Not set on the MASTER, 230 on the backup.
Can you post the output of 'ifconfig' and 'netstat -s -p carp' and
'netstat -s -p pfsync' from both firewalls?
-B
