CARP: two machines think they're the master, but only on one interface

Posted by Conor McDermottroe on Server Fault See other posts from Server Fault or by Conor McDermottroe
Published on 2010-04-21T18:48:07Z Indexed on 2010/04/21 18:53 UTC
Read the original article Hit count: 343

Filed under:
|

I have two machines, each configured identically as a firewall/load balancer for a busy website. I have set them up with CARP and pfsync on both the internal and external interfaces. The internal interface is behaving as expected (primary listed as MASTER and secondary listed as BACKUP)

On both machines, the network interfaces are as follows:

  • em0 - External interface
  • bge0 - Internal interface
  • bge1 - Crossover connection between both machines
  • carp0 - Shared external interface for CARP
  • carp1 - Shared internal interface for CARP

I've rewritten the IP addresses and MAC addresses below. The networks are as follows:

  • 10.0.1.0/24 - External network
  • 10.0.2.0/24 - Internal network
  • 10.0.3.0/24 - Crossover network

Here's the output from ifconfig on the primary:

em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
    ether [SNIP]
    inet 10.0.1.10 netmask 0xffffff00 broadcast 10.0.1.255
    media: Ethernet 100baseTX <full-duplex>
    status: active
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether [SNIP]
    inet 10.0.2.10 netmask 0xffffff00 broadcast 10.0.2.255
    media: Ethernet 1000baseT <full-duplex>
    status: active
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether [SNIP]
    inet 10.0.3.10 netmask 0xffffff00 broadcast 10.0.3.255
    media: Ethernet 1000baseT <full-duplex>
    status: active
lo0: flags=80c9<UP,LOOPBACK,RUNNING,NOARP,MULTICAST> metric 0 mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
    inet6 ::1 prefixlen 128 
    inet 127.0.0.1 netmask 0xff000000 
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33152
pfsync0: flags=0<> metric 0 mtu 1460
    pfsync: syncdev: bge1 syncpeer: 10.0.3.11 maxupd: 128
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.0.1.5 netmask 0xffffff00 
    carp: MASTER vhid 1 advbase 1 advskew 0
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.0.2.5 netmask 0xffffff00 
    carp: MASTER vhid 2 advbase 1 advskew 0

And here's the /etc/rc.conf excerpt from the primary:

defaultrouter="10.0.1.1"
network_interfaces="em0 bge0 bge1 lo0 pfsync0"
cloned_interfaces="carp0 carp1"
ifconfig_em0="inet 10.0.1.10 netmask 255.255.255.0 media 100BaseTX mediaopt full-duplex"
ifconfig_bge0="inet 10.0.2.10 netmask 255.255.255.0 media 1000BaseTX mediaopt full-duplex"
ifconfig_bge1="inet 10.0.3.10 netmask 255.255.255.0 media 1000BaseTX mediaopt full-duplex"
ifconfig_carp0="vhid 1 pass [SNIP] 10.0.1.5/24"
ifconfig_carp1="vhid 2 pass [SNIP] 10.0.2.5/24"
pfsync_enable="YES"
pfsync_syncdev="bge1"
pfsync_syncpeer="10.0.3.11"

And here's the output on the secondary:

em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
    ether [SNIP]
    inet 10.0.1.11 netmask 0xffffff00 broadcast 10.0.1.255
    media: Ethernet 100baseTX <full-duplex>
    status: active
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether [SNIP]
    inet 10.0.2.11 netmask 0xffffff00 broadcast 10.0.2.255
    media: Ethernet 1000baseT <full-duplex>
    status: active
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether [SNIP]
    inet 10.0.3.11 netmask 0xffffff00 broadcast 10.0.3.255
    media: Ethernet 1000baseT <full-duplex>
    status: active
lo0: flags=80c9<UP,LOOPBACK,RUNNING,NOARP,MULTICAST> metric 0 mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
    inet6 ::1 prefixlen 128 
    inet 127.0.0.1 netmask 0xff000000 
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33152
pfsync0: flags=0<> metric 0 mtu 1460
    pfsync: syncdev: bge1 syncpeer: 10.0.3.10 maxupd: 128
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.0.1.5 netmask 0xffffff00 
    carp: MASTER vhid 1 advbase 1 advskew 20
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 10.0.2.5 netmask 0xffffff00 
    carp: BACKUP vhid 2 advbase 1 advskew 20

And here's the /etc/rc.conf excerpt from the secondary:

defaultrouter="10.0.1.1"
network_interfaces="em0 bge0 bge1 lo0 pfsync0"
cloned_interfaces="carp0 carp1"
ifconfig_em0="inet 10.0.1.11 netmask 255.255.255.0 media 100BaseTX mediaopt full-duplex"
ifconfig_bge0="inet 10.0.2.11 netmask 255.255.255.0 media 1000BaseTX mediaopt full-duplex"
ifconfig_bge1="inet 10.0.3.11 netmask 255.255.255.0 media 1000BaseTX mediaopt full-duplex"
ifconfig_carp0="vhid 1 pass [SNIP] advskew 20 10.0.1.5/24"
ifconfig_carp1="vhid 2 pass [SNIP] advskew 20 10.0.2.5/24"
pfsync_enable="YES"
pfsync_syncdev="bge1"
pfsync_syncpeer="10.0.3.10"

What I don't understand is, the carp status on carp0 is MASTER on both machines when the status on carp1 is as it should be (MASTER on the primary and BACKUP on the secondary). What am I missing? Where should I be looking for clues?

© Server Fault or respective owner

Related posts about freebsd

Related posts about carp