Old 23rd October 2011
nocturnal

Problems configuring carp

CARP seems easy enough, I even have The Book of PF to help me with its 7th chapter where it's explained how to set it up.

I can't get it working though.

I wanted to learn how carp worked, so I set up a new machine with 3 interfaces. Newly installed 4.9 sans x* and game* sets.

vic0 is connected to an internal network.

vic2 is connected to an external network.

I have 255 public IPv4 addresses to test with, and a Cisco Catalyst with a 4 hour ARP table timeout value. I felt it was important to mention this because I have had issues when the MAC address of an IP changes, for example from physical to carp.

So I've made sure to test completely new IP addresses, I've even waited the 4 hours and I've tried different lladdr values.

Whatever I try, I seem to get my physical interfaces connected to both networks without problems, but any IP I set on a carp interface, whether it be on the internal or external network, remains unreachable.

pf.conf is default, and I've even tried pfctl -d just to be safe. When I sniff on both the physical and the carp interface I get no ICMP packets at all if I ping the IP on the carp interface. The physical works fine in either network. I've also tried having no IP on the physical carpdev.

net.inet.carp.allow=1, net.inet.carp.preempt=0. This is a single machine configuration that I wanted to get working before I moved on to more complex configurations. I assumed you could still use a carp pseudo interface even though there are no BACKUPs. I can see no errors in messages, only a message that the carp interface is going from BACKUP to MASTER.

The commands and hostname.if syntax I use can be seen in this article too.

openbsd.org/faq/faq6.html#CARP

It's really so generic and I've tried so many combinations of this that it feels pointless to show you.

inet 10.220.100.55 255.255.255.0 10.220.100.255 vhid 2 pass foobar carpdev vic0

and for vic0 I've used either no address or 10.220.100.54 for example. And I've done the same troubleshooting for vic2 where I've used public ipv4 addresses.

I have other hosts on the same network as the public IPs that work, and I have other hosts on the same internal network from where I can ping the internal IPs while they're on physical interfaces, but not on carp.

What on earth could I be missing here?!

Edit: I think I figured out what I was missing, namely promiscuous mode in vSwitch. This is a vSphere environment, and when I tried to set up the same in my own VMware Fusion at home it asked me for my password to "monitor all network traffic" and worked. So after that I found several articles and VMware community posts about promiscuous mode in vSwitch needing to be on for CARP to work.

Last edited by nocturnal; 23rd October 2011 at 04:04 PM.
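A small POSIX sh check, added here and not from the original post or from OpenBSD, that validates a hostname.carp0 line of the form used above (vhid, pass, carpdev) and reads the CARP state out of ifconfig output, so you can tell a host-side config problem from the switch-side problem the post ended up with. The ifconfig text is a constructed sample; on a real host feed it the output of `ifconfig carp0`.

```shell
#!/bin/sh
# Added example (not from the post or OpenBSD): check a hostname.carpN line
# and the CARP state reported by ifconfig. Sample output below is constructed.

# Validate "inet ADDR MASK BCAST vhid N pass SECRET carpdev IF".
# Prints "ok" or the first problem found; returns 1 on a problem.
check_carp_line() {
    set -- $1
    [ $# -ge 4 ] && [ "$1" = "inet" ] || { echo "expected: inet addr mask bcast ..."; return 1; }
    shift 4                               # past inet, address, netmask, broadcast
    vhid=""; pass=""; carpdev=""
    while [ $# -gt 0 ]; do
        case "$1" in
            vhid|pass|carpdev)
                [ $# -ge 2 ] || { echo "$1 needs a value"; return 1; }
                eval "$1=\$2"; shift 2 ;; # keys are literal, so eval is safe
            *) shift ;;
        esac
    done
    case "$vhid" in
        ''|*[!0-9]*) echo "vhid must be 1-255"; return 1 ;;
    esac
    [ "$vhid" -ge 1 ] && [ "$vhid" -le 255 ] || { echo "vhid must be 1-255"; return 1; }
    [ -n "$pass" ]    || { echo "pass missing"; return 1; }   # shared secret for advertisements
    [ -n "$carpdev" ] || { echo "carpdev missing"; return 1; } # parent interface to bind to
    echo ok
}

# Extract the CARP state (INIT, BACKUP or MASTER) from `ifconfig carpN` output.
carp_state() {
    printf '%s\n' "$1" | sed -n 's/.*carp: \([A-Z]*\) .*/\1/p' | head -n 1
}

# Constructed sample of what `ifconfig carp0` prints for the line in the post.
SAMPLE_IFCONFIG='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        carp: MASTER carpdev vic0 vhid 2 advbase 1 advskew 0
        inet 10.220.100.55 netmask 0xffffff00 broadcast 10.220.100.255'

# Usage: a line that passes and an interface that is MASTER, yet no ICMP on the
# wire, points outside the host (switch MAC filtering, vSwitch promiscuous mode).
check_carp_line "inet 10.220.100.55 255.255.255.0 10.220.100.255 vhid 2 pass foobar carpdev vic0"
carp_state "$SAMPLE_IFCONFIG"
```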