Problems configuring carp
CARP seems easy enough; I even have The Book of PF to help me, with its 7th chapter explaining how to set it up.
I can't get it working though.
I wanted to learn how CARP worked, so I set up a new machine with 3 interfaces. Newly installed 4.9 sans x* and game* sets.
vic0 is connected to an internal network.
vic2 is connected to an external network.
I have 255 public IPv4 addresses to test with, and a Cisco Catalyst with a 4-hour ARP table timeout value. I felt it was important to mention this because I have had issues when the MAC address of an IP changes, for example from physical to CARP.
So I've made sure to test completely new IP addresses; I've even waited the 4 hours, and I've tried different lladdr values.
Whatever I try, I can get my physical interfaces connected to both networks without problems, but any IP I set on a CARP interface, whether on the internal or the external network, remains unreachable.
pf.conf is the default, and I've even tried pfctl -d just to be safe. When I sniff on both the physical and the CARP interface I get no ICMP packets at all if I ping the IP on the CARP interface. The physical interface works fine on either network. I've also tried having no IP on the physical carpdev.
net.inet.carp.allow=1, net.inet.carp.preempt=0. This is a single-machine configuration that I wanted to get working before I moved on to more complex configurations. I assumed you could still use a CARP pseudo-interface even though there are no BACKUPs. I can see no errors in messages, only a message that the carp interface is going from BACKUP to MASTER.
The commands and hostname.if syntax I use can be seen in this article too.
openbsd.org/faq/faq6.html#CARP
It's really so generic and I've tried so many combinations of this that it feels pointless to show you.
inet 10.220.100.55 255.255.255.0 10.220.100.255 vhid 2 pass foobar carpdev vic0
and for vic0 I've used either no address or 10.220.100.54, for example. And I've done the same troubleshooting for vic2, where I've used public IPv4 addresses.
I have other hosts on the same network as the public IPs that work, and I have other hosts on the same internal network from which I can ping the internal IPs while they're on physical interfaces, but not on CARP.
What on earth could I be missing here?!
Edit: I think I figured out what I was missing, namely promiscuous mode in the vSwitch. This is a vSphere environment, and when I tried to set up the same in my own VMware Fusion at home it asked me for my password to "monitor all network traffic" and worked. So after that I found several articles and VMware community posts about promiscuous mode in the vSwitch needing to be on for CARP to work.
Last edited by nocturnal; 23rd October 2011 at 04:04 PM.
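Added here as a worked example, not part of nocturnal's post: the single-node setup from the post written out as the hostname.if(5) files OpenBSD reads at boot, plus the two checks that separate a host-side problem from a switch-side one. The interface names, addresses, vhid and password are the ones quoted above; the ifconfig output embedded at the bottom is a constructed sample shaped like OpenBSD's, not captured from the poster's machine. The one fact the script leans on beyond the post is that a CARP master answers for the shared address with the MAC 00:00:5e:00:01:<vhid in hex> rather than the NIC's own MAC, which is exactly the kind of frame a vSwitch drops unless promiscuous mode is allowed.

```shell
#!/bin/sh
# Added example, not from the original post: single-node OpenBSD CARP laid out as
# hostname.if(5) files, with checks to run when the shared address is unreachable.
# Names, addresses, vhid and password are the ones quoted in the post; the sample
# ifconfig output below is constructed. ROOT is empty on a live system; set
# ROOT=/some/dir to stage the files elsewhere for inspection.
ROOT="${ROOT:-}"

PHYS_IF="vic0"              # carpdev: the physical interface
PHYS_ADDR="10.220.100.54"   # the physical interface's own address
VIP="10.220.100.55"         # the shared address that lives on carp0
MASK="255.255.255.0"
BCAST="10.220.100.255"
VHID="2"                    # 1-255, unique per broadcast domain
PASS="foobar"               # the post's placeholder; use a real secret

# CARP answers ARP for the VIP with 00:00:5e:00:01:<vhid>, not the vNIC's MAC.
# A vSwitch that only delivers frames addressed to the vNIC's own MAC silently
# drops traffic to the VIP, which matches the symptom described in the post.
carp_lladdr_for_vhid() {
    printf '00:00:5e:00:01:%02x\n' "$1"
}

write_hostname_files() {
    printf 'inet %s %s %s\n' "$PHYS_ADDR" "$MASK" "$BCAST" \
        > "$ROOT/etc/hostname.$PHYS_IF"
    printf 'inet %s %s %s vhid %s pass %s carpdev %s\n' \
        "$VIP" "$MASK" "$BCAST" "$VHID" "$PASS" "$PHYS_IF" \
        > "$ROOT/etc/hostname.carp0"
    chmod 0640 "$ROOT/etc/hostname.carp0"   # the file holds the CARP password
}

write_sysctl() {
    # allow=1 is the default and preempt stays 0, as in the post; append only once.
    for kv in 'net.inet.carp.allow=1' 'net.inet.carp.preempt=0'; do
        grep -qxF "$kv" "$ROOT/etc/sysctl.conf" 2>/dev/null \
            || echo "$kv" >> "$ROOT/etc/sysctl.conf"
    done
}

# Read `ifconfig carp0` on stdin; print the state word (MASTER, BACKUP or INIT).
carp_state() {
    awk '$1 == "carp:" { print $2 }'
}

# Read `ifconfig carp0` on stdin; print the carpdev the interface is bound to.
carp_carpdev() {
    awk '$1 == "carp:" { for (i = 1; i < NF; i++) if ($i == "carpdev") print $(i + 1) }'
}

# Constructed sample, shaped like OpenBSD's ifconfig output for the post's config.
SAMPLE_IFCONFIG='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        priority: 0
        carp: MASTER carpdev vic0 vhid 2 advbase 1 advskew 0
        groups: carp
        inet 10.220.100.55 netmask 0xffffff00 broadcast 10.220.100.255'

case "${1:-}" in
    apply)
        write_hostname_files
        write_sysctl
        echo "wrote hostname.$PHYS_IF, hostname.carp0 and sysctl.conf under ${ROOT:-/}"
        echo "next: sh /etc/netstart carp0; ifconfig carp0 | sh $0 check"
        ;;
    check)
        # MASTER on the right carpdev means the host side is fine. If the VIP is
        # still unreachable, look at the switch/vSwitch instead:
        #   tcpdump -n -e -i "$PHYS_IF" host 224.0.0.18
        # shows the advertisements; their source MAC should be the CARP lladdr.
        out=$(cat)
        state=$(printf '%s\n' "$out" | carp_state)
        dev=$(printf '%s\n' "$out" | carp_carpdev)
        echo "state=$state carpdev=$dev expected lladdr=$(carp_lladdr_for_vhid "$VHID")"
        [ "$state" = "MASTER" ] && [ "$dev" = "$PHYS_IF" ]
        ;;
esac
```

Run `sh carp-setup.sh apply` as root to write the files, then `ifconfig carp0 | sh carp-setup.sh check`. The state going BACKUP to MASTER with the right carpdev, as in the post, means the kernel side is fine, which is why the remaining suspect is whatever sits between the NIC and the neighbours. On vSphere that is the vSwitch security policy: promiscuous mode (what the post found) lets the VM receive frames for the CARP MAC, and because the master also sends its advertisements and ARP replies from that MAC rather than the vNIC's, the "Forged transmits" setting has to permit them too.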