[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Trouble with 2-digit carp interfaces



Hello Everyone,
Thanks in advance to anyone who can assist me with this issue. If there
is a CARP mailing list that I should be posting this to, please let me
know.
My issue is this. I have two firewalls that share multiple virtual IP's
via CARP. These firewalls are doing NAT for multiple servers behind them
and are therefore required to have many carp interfaces that hold public
IP's. It has been my experience that everything runs just as expected
with interfaces named from carp0 through carp9. As soon as I add a carp
interface with more than one digit (ie carp10, carp11 or carp23), the
backup host (with the higher advskew value) starts switching between
MASTER and BACKUP on seemingly random carp interfaces. The fact that I
have two firewalls fighting over master status on public NAT'd IP's
represents a clear problem. The IP's related to the carp interfaces
become completely inaccessible.
My configuration details are as follows:
(Both machines are identical in hardware and software)
uname: OpenBSD 3.8 GENERIC#0 i386
sysctl: net.inet.carp.preempt=1
ifconfig:
"ifconfig carpN create"
"ifconfig carpN xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx vhid N pass
xxxxxxxx carpdev emN"
(on the secondary host I add "advskew 15" to the end)
Any help that anyone can offer would be most appreciated.
Thank you.
-- 
Zack Lawson
Network Administrator @ [email protected], Inc.
www.interactivate.com
***This message is intended only for the use of the Addressee and may
contain information that is PRIVILEGED and CONFIDENTIAL. If you are not
the intended recipient, dissemination of this communication is
prohibited. If you have received this communication in error, please
erase all copies of the message and its attachments and notify us
immediately.***