Hi all,

I've just upgraded two OpenBSD boxes from 4.4 to 4.5.

I'm using the AMD64 version of GENERIC kernel, all patches applied.

I'm trying to convert my old gateway configuration from active/passive
to active/active, thanks to the brand new pfsync protocol
implementation. I'd like to use stealth-ip mode, because I have to use a
poor 24 ports switch.

So, when I start to send packets through the cluster, if I start tcpdump
on both machines I can see carp interfaces work correctly, but traffic
is forwarded only through one host, ALWAYS, even if I try to generate
traffic from different hosts across the Internet.

If I reboot the active machine, the traffic starts to flow through the
other machine (so failover works).

I'm not able to get both carp interfaces to work in a load-balanced way.


So, this is my network:


              **switch**
                   |
                (carp0) 
              10.200.10.2
         bge0 /        \ bge0
---------------         ---------------
| 10.200.10.3 |         | 10.200.10.4 |
| * host A *  |         | * host B *  |
|192.168.10.2 |         |192.168.10.3 |
---------------         --------------
         bge1 \        / bge1
             192.168.10.1
                (carp1)
                   |
             **switch lan**


In sysctl.conf, I've set net.inet.carp.preempt to 1 on both machines.
pf is enabled with pass in/pass out rules.
Obviously, IP forwarding is enabled too.


On host A, I configured these:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/etc/hostname.bge0
inet 10.200.10.3 255.255.255.240 NONE

/etc/hostname.bge1
inet 192.168.10.2 255.255.255.0 NONE

/etc/hostname.carp0
inet 10.200.10.2 255.255.255.240 10.200.10.15 vhid 10 carpdev bge0 pass
password carpnodes 10:0,11:100 balancing ip-stealth

/etc/hostname.carp1
inet 192.168.10.1 255.255.255.0 192.168.10.255 vhid 20 carpdev bge1 pass
password carpnodes 20:0,21:100 balancing ip-stealth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


On host B, I configured these:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/etc/hostname.bge0
inet 10.200.10.4 255.255.255.240 NONE

/etc/hostname.bge1
inet 192.168.10.3 255.255.255.0 NONE

/etc/hostname.carp0
inet 10.200.10.2 255.255.255.240 10.200.10.15 vhid 11 carpdev bge0 pass
password carpnodes 10:100,11:0 balancing ip-stealth

/etc/hostname.carp1
inet 192.168.10.1 255.255.255.0 192.168.10.255 vhid 21 carpdev bge1 pass
password carpnodes 20:100,21:0 balancing ip-stealth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


This is what I see with ifconfig for the carp interfaces on host A:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:0a
        priority: 0
        carp: carpdev bge0 advbase 1 balancing ip-stealth
                state MASTER vhid 10 advskew 0
                state BACKUP vhid 11 advskew 100
        groups: carp
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0x7
        inet 10.200.10.2 netmask 0xfffffff0 broadcast 10.200.10.15
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:14
        priority: 0
        carp: carpdev bge1 advbase 1 balancing ip-stealth
                state MASTER vhid 20 advskew 0
                state BACKUP vhid 21 advskew 100
        groups: carp
        inet6 fe80::200:5eff:fe00:114%carp1 prefixlen 64 scopeid 0x8
        inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


And this on host B:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:0a
        priority: 0
        carp: carpdev bge0 advbase 1 balancing ip-stealth
                state BACKUP vhid 10 advskew 100
                state MASTER vhid 11 advskew 0
        groups: carp
        inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0x7
        inet 10.200.10.2 netmask 0xfffffff0 broadcast 10.200.10.15
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:14
        priority: 0
        carp: carpdev bge1 advbase 1 balancing ip-stealth
                state BACKUP vhid 20 advskew 100
                state MASTER vhid 21 advskew 0
        groups: carp
        inet6 fe80::200:5eff:fe00:114%carp1 prefixlen 64 scopeid 0x8
        inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'm focusing on the mac addresses of the carp interfaces: reading the
man pages, these should be the multicast type, but 00:xx:xx:xx:xx:xx is
not in the multicast family.

So, what's wrong with my configuration?
Every hint will be appreciated.
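
The check the post does by eye, as an added example that is not part of the original message: it parses the carp0 lines of both ifconfig listings, reports which host is MASTER for each vhid, and tests the group (multicast) bit of the lladdr. The host labels "A" and "B" and the function names are assumptions made for this sketch.

```python
import re
# Constructed input: the carp0 lines copied from the two ifconfig listings in the post.
HOST_A = """\
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:0a
        carp: carpdev bge0 advbase 1 balancing ip-stealth
                state MASTER vhid 10 advskew 0
                state BACKUP vhid 11 advskew 100
"""
HOST_B = """\
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:0a
        carp: carpdev bge0 advbase 1 balancing ip-stealth
                state BACKUP vhid 10 advskew 100
                state MASTER vhid 11 advskew 0
"""

def parse_carp(text):
    """Return {ifname: {"lladdr": str, "nodes": {vhid: state}}} from ifconfig text."""
    out, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"(carp\d+):", line)
        if head:
            cur = out.setdefault(head.group(1), {"lladdr": None, "nodes": {}})
        elif cur is not None:
            mac = re.match(r"\s+lladdr (\S+)", line)
            node = re.match(r"\s+state (\w+) vhid (\d+)", line)
            if mac:
                cur["lladdr"] = mac.group(1)
            elif node:
                cur["nodes"][int(node.group(2))] = node.group(1)
    return out

def is_group_mac(mac):
    """True if the I/G bit (lowest bit of the first octet) is set, i.e. multicast."""
    return bool(int(mac.split(":")[0], 16) & 1)

def masters(hosts):
    """Map (ifname, vhid) -> host names (in sorted order) reporting MASTER for it."""
    seen = {}
    for host, text in sorted(hosts.items()):
        for ifname, info in parse_carp(text).items():
            for vhid, state in info["nodes"].items():
                owners = seen.setdefault((ifname, vhid), [])
                if state == "MASTER":
                    owners.append(host)
    return seen

if __name__ == "__main__":
    print(masters({"A": HOST_A, "B": HOST_B}), is_group_mac("00:00:5e:00:01:0a"))
```

On the listings above, each vhid has exactly one MASTER (10 on host A, 11 on host B), and the lladdr has the group bit clear.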
