Re: CARP failure: Juniper arp timeouts?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: CARP failure: Juniper arp timeouts?
- From: Eric Eekhof <eric_(_at_)_eekhof_(_dot_)_net>
- Date: Tue, 20 Apr 2004 10:42:06 +0200
- Organization: Eric Conspiracy Secret Labs
- Reply-to: eric_(_at_)_eekhof_(_dot_)_net
Hi,
On Mon, Apr 19, 2004 at 09:51:46PM +0200, Waldemar Brodkorb wrote:
> I think you configured something wrong. Two weeks ago I set up a
> redundant firewall system for testing purposes with a friend and
> everything worked fine.
>
> Show us your hostname.* and sysctl.conf files of both machines and
> ifconfig -a .
Hi,
I've skipped irrelevant lines to keep this post as short as possible.
FW 1
----

/etc/sysctl.conf:
    net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets
    net.inet.carp.preempt=1
    net.inet.carp.arpbalance=1

/etc/hostname.fxp0:
    inet 192.168.0.3 255.255.255.240 NONE

/etc/hostname.fxp1:
    inet 172.16.31.253 255.255.255.252 NONE

/etc/hostname.carp0:
    vhid 1 pass mekmitasdigoat 192.168.0.2

/etc/hostname.carp1:
    vhid 2 pass mekmitasdigoat 192.168.0.2

/etc/pfsync0:
    up syncif fxp1

ifconfig -a:
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:0d:61:32:7a:be
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.0.3 netmask 0xfffffff0 broadcast 192.168.0.15
        inet6 fe80::20d:61ff:fe32:7abe%fxp0 prefixlen 64 scopeid 0x5
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:0d:61:32:7a:bf
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 172.16.31.253 netmask 0xfffffffc broadcast 172.16.31.255
        inet6 fe80::20d:61ff:fe32:7abf%fxp1 prefixlen 64 scopeid 0x6
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=41<UP,RUNNING> mtu 1348
        pfsync: syncif: fxp1 maxupd: 128
enc0: flags=0<> mtu 1536
carp0: flags=41<UP,RUNNING> mtu 1500
        carp: MASTER vhid 1 advbase 1 advskew 0
        inet 192.168.0.2 netmask 0xff000000
carp1: flags=41<UP,RUNNING> mtu 1500
        carp: MASTER vhid 2 advbase 1 advskew 0
        inet 192.168.0.2 netmask 0xff000000

FW 2
----

/etc/sysctl.conf:
    net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets
    net.inet.carp.preempt=1
    net.inet.carp.arpbalance=1

/etc/hostname.fxp0:
    inet 192.168.0.4 255.255.255.240 NONE

/etc/hostname.fxp1:
    inet 172.16.31.254 255.255.255.252 NONE

/etc/hostname.carp0:
    vhid 1 advskew 100 pass mekmitasdigoat 192.168.0.2

/etc/hostname.carp1:
    vhid 2 advskew 100 pass mekmitasdigoat 192.168.0.2

/etc/pfsync0:
    up syncif fxp1

ifconfig -a:
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        address: 00:0d:61:3f:54:c2
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.0.4 netmask 0xfffffff0 broadcast 192.168.0.15
        inet6 fe80::20d:61ff:fe3f:54c2%fxp0 prefixlen 64 scopeid 0x1
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:0d:61:3f:54:c3
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 172.16.31.254 netmask 0xfffffffc broadcast 172.16.31.255
        inet6 fe80::20d:61ff:fe3f:54c3%fxp1 prefixlen 64 scopeid 0x2
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=41<UP,RUNNING> mtu 1348
        pfsync: syncif: fxp1 maxupd: 128
enc0: flags=0<> mtu 1536
carp0: flags=41<UP,RUNNING> mtu 1500
        carp: MASTER vhid 1 advbase 1 advskew 100
        inet 192.168.0.2 netmask 0xff000000
carp1: flags=41<UP,RUNNING> mtu 1500
        carp: MASTER vhid 2 advbase 1 advskew 100
        inet 192.168.0.2 netmask 0xff000000

Notice the 'MASTER' on all carp interfaces. I would expect to see 'SLAVE' on
two interfaces, but I failed to check this while testing this setup.
Can you find any misconfiguration?
TIA,
Eric
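
The check described in the message above (the same vhid reported as MASTER on both firewalls) can be automated by comparing the `ifconfig -a` output of the two hosts. This is an added example, not part of the original post; the names FW1, FW2, carp_states and dual_masters are hypothetical, and the sample input is constructed from the carp stanzas shown above.

```python
import re

# Constructed sample input: the carp stanzas from the two `ifconfig -a`
# listings in the post, with indentation restored.
FW1 = """\
carp0: flags=41<UP,RUNNING> mtu 1500
        carp: MASTER vhid 1 advbase 1 advskew 0
        inet 192.168.0.2 netmask 0xff000000
carp1: flags=41<UP,RUNNING> mtu 1500
        carp: MASTER vhid 2 advbase 1 advskew 0
        inet 192.168.0.2 netmask 0xff000000
"""
# The second firewall differs only in its advskew value (100 instead of 0).
FW2 = FW1.replace("advskew 0", "advskew 100")

# "carp0: flags=..." opens an interface stanza; "carp: MASTER vhid 1 ..."
# is the state line inside it. Leading whitespace is optional so the
# parser also accepts listings whose indentation was lost.
IFACE = re.compile(r"^(\S+): flags=")
CARP = re.compile(r"^\s*carp: (\S+) vhid (\d+) advbase (\d+) advskew (\d+)")

def carp_states(ifconfig_text):
    """Return {vhid: (interface, state, advskew)} from `ifconfig -a` output."""
    states, iface = {}, None
    for line in ifconfig_text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = CARP.match(line)
        if m and iface:
            states[int(m.group(2))] = (iface, m.group(1), int(m.group(4)))
    return states

def dual_masters(a_text, b_text):
    """List the vhids that both hosts report as MASTER at the same time."""
    a, b = carp_states(a_text), carp_states(b_text)
    return sorted(v for v in a.keys() & b.keys()
                  if a[v][1] == "MASTER" and b[v][1] == "MASTER")

if __name__ == "__main__":
    for vhid in dual_masters(FW1, FW2):
        print(f"vhid {vhid}: MASTER on both firewalls")
```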