CARP + CISCO router don't work with each other
Hello!
I've got a problem getting OpenBSD CARP and a CISCO router to cooperate. Firstly, there are several cases to make failover and load balancing. Let me introduce one of them. The general network concept is depicted in the "diagram" below.

--------re0--------carp0(re1)
ISP1----[OpenBSD+CARP]----\ SWI _____CISCO<<<-----LAN
ISP2----[OpenBSD+CARP]---- /TCH-------Fe0/1
--------re0--------carp0(re1)----\
-----------------------------------PC

carp0: 10.0.0.9/29
Fe0/1: 10.0.0.10/29
PC: 10.0.0.11/29

One of the configurations doesn't work, and that is the one I need (the second below). Thanks for your help or any suggestions.

1st (working)

ISP1:
Code:
# ifconfig
re1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:a7:05:ab:bd
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.0.0.1 netmask 0xfffffff8 broadcast 10.0.0.7
        inet6 fe80::204:a7ff:fe05:abbd%re1 prefixlen 64 scopeid 0x2
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:01
        priority: 0
        carp: MASTER carpdev re1 vhid 1 advbase 1 advskew 0
        groups: carp
        status: master
        inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x9
        inet 10.0.0.9 netmask 0xfffffff8 broadcast 10.0.0.15
# cat /etc/hostname.carp0
inet 10.0.0.9 255.255.255.248 10.0.0.15 vhid 1 pass arenio carpdev re1
# arp -a
? (10.0.0.2) at 00:04:a7:05:ab:cf on re1
? (10.0.0.10) at e0:5f:b9:04:10:70 on carp0
? (10.0.0.11) at 00:24:be:7b:6e:e6 on carp0

2nd (not working). I mean the CISCO router cannot ping the 10.0.0.9 IP address and back, whereas the above configuration works correctly and the IP address is pingable. In other words, one of the hosts (PC-Windows) pings 10.0.0.9 correctly in both cases.

ISP1:
Code:
# ifconfig
re1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:a7:05:ab:bd
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.0.0.1 netmask 0xfffffff8 broadcast 10.0.0.7
        inet6 fe80::204:a7ff:fe05:abbd%re1 prefixlen 64 scopeid 0x2
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 01:00:5e:00:01:01
        priority: 0
        carp: carpdev re1 advbase 1 balancing ip
                state MASTER vhid 1 advskew 0
                state BACKUP vhid 2 advskew 100
        groups: carp
        status: master
        inet6 fe80::204:a7ff:fe05:abbc%carp0 prefixlen 64 scopeid 0x9
        inet 10.0.0.9 netmask 0xfffffff8 broadcast 10.0.0.15
# cat /etc/hostname.carp0
inet 10.0.0.9 255.255.255.248 10.0.0.15 balancing ip carpnodes 1:0,2:100 pass arek carpdev re1
# arp -a
? (10.0.0.11) at 00:24:be:7b:6e:e6 on carp0

Code:
#:~> ifconfig
re1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:a7:05:ab:cf
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.0.0.2 netmask 0xfffffff8 broadcast 10.0.0.7
        inet6 fe80::204:a7ff:fe05:abcf%re1 prefixlen 64 scopeid 0x2
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 01:00:5e:00:01:01
        priority: 0
        carp: carpdev re1 advbase 1 balancing ip
                state BACKUP vhid 1 advskew 100
                state MASTER vhid 2 advskew 0
        groups: carp
        status: backup
        inet6 fe80::204:a7ff:fe05:abce%carp0 prefixlen 64 scopeid 0x9
        inet 10.0.0.9 netmask 0xfffffff8 broadcast 10.0.0.15
#:~> cat /etc/hostname.carp0
inet 10.0.0.9 255.255.255.248 10.0.0.15 balancing ip carpnodes 2:0,1:100 pass arek carpdev re1
#:~> arp -a
? (10.0.0.1) at 00:04:a7:05:ab:bd on re1
? (10.0.0.11) at 00:24:be:7b:6e:e6 on carp0

It seems that the router sends ICMP packets but OpenBSD doesn't reply.
Code:
gw1#debug ip icmp
ICMP packet debugging is on
gw1#
02:07:14: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:15: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:16: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:17: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:18: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:19: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:20: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:21: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:22: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:23: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:24: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:25: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:40: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.11, topology BASE, dscp 0 topoid 0
02:07:41: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.11, topology BASE, dscp 0 topoid 0
02:07:42: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.11, topology BASE, dscp 0 topoid 0
02:07:43: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.11, topology BASE, dscp 0 topoid 0

And packets from the CISCO router are not correctly routed on the network.
Code:
# tcpdump -n -e -ttt -i carp0 icmp
tcpdump: listening on carp0, link-type EN10MB
Sep 14 19:43:40.306166 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:43:41.306917 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:43:42.308248 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:43:43.310005 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
^C
103 packets received by filter
0 packets dropped by kernel
# tcpdump -n -e -ttt -i re1 icmp
tcpdump: listening on re1, link-type EN10MB
Sep 14 19:44:16.412720 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:18.410253 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:20.410299 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:22.410344 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:24.410389 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:30.520657 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:44:30.520723 00:04:a7:05:ab:bd 00:24:be:7b:6e:e6 0800 74: 10.0.0.9 > 10.0.0.11: icmp: echo reply
Sep 14 19:44:31.523496 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:44:31.523538 00:04:a7:05:ab:bd 00:24:be:7b:6e:e6 0800 74: 10.0.0.9 > 10.0.0.11: icmp: echo reply
Sep 14 19:44:32.527124 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:44:32.527167 00:04:a7:05:ab:bd 00:24:be:7b:6e:e6 0800 74: 10.0.0.9 > 10.0.0.11: icmp: echo reply
Sep 14 19:44:33.529034 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:44:33.529077 00:04:a7:05:ab:bd 00:24:be:7b:6e:e6 0800 74: 10.0.0.9 > 10.0.0.11: icmp: echo reply
^C
190 packets received by filter
0 packets dropped by kernel
#

Route table from OpenBSD (ISP1).
Code:
# route show
Routing tables

Internet:
Destination        Gateway            Flags  Refs      Use    Mtu  Prio Iface
default            89-77-172-x.dynami UGS       0     6006      -     8 re0
10.0.0.0/29        link#2             UC        0        0      -     4 re1
10.0.0.8/29        link#9             UC        1        0      -     4 carp0
10.0.0.11          00:24:be:7b:6e:e6  UHLc      1    55994      -     4 carp0
89-77-172-x.dynami link#1             UC        1        0      -     4 re0
89-77-172-y.dynami 00:17:10:02:48:0f  UHLc      1        0      -     4 re0
loopback           localhost          UGRS      0        0  33196     8 lo0
localhost          localhost          UH        1        0  33196     4 lo0
BASE-ADDRESS.MCAST localhost          URS       0        0  33196     8 lo0

Route table from OpenBSD (ISP2).
Code:
:~> route show
Routing tables

Internet:
Destination        Gateway            Flags  Refs      Use    Mtu  Prio Iface
default            46.31.34.z         UGS       0    42373      -     8 re0
10.0.0.0/29        link#2             UC        0        0      -     4 re1
10.0.0.8/29        link#9             C         3        0      -     4 carp0
10.0.0.9           01:00:5e:00:01:01  HLc       0        6      -     4 lo0
10.0.0.10          e0:5f:b9:04:10:70  HLc       0       20      -     4 carp0
10.0.0.11          00:24:be:7b:6e:e6  HLc       1   130154      -     4 carp0
46.31.34/24        link#1             UC        1        0      -     4 re0
46.31.34.x         00:17:10:03:0c:4f  UHLc      1        0      -     4 re0
46.31.34.y         localhost          UGHS      0        0  33196     8 lo0
46.31.34.z         localhost          UGHS      0        0  33196     8 lo0
loopback           localhost          UGRS      0        0  33196     8 lo0
localhost          localhost          UH        3        0  33196     4 lo0
192.168.4/24       link#6             C         0        0      -     4 rl3
BASE-ADDRESS.MCAST localhost          URS       0        0  33196     8 lo0

Something confusing: the CISCO router recognizes a different MAC address than the actual one. Please look below. The MAC address has to be 0100.5e00.0101.
Code:
gw1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.9               168  0000.5e00.0101  ARPA   FastEthernet4
Internet  10.0.0.10                -  e05f.b904.1070  ARPA   FastEthernet4
Internet  10.0.0.11                0  0024.be7b.6ee6  ARPA   FastEthernet4

Code:
gw1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.10                -  e05f.b904.1070  ARPA   FastEthernet4
Internet  10.0.0.11                1  0024.be7b.6ee6  ARPA   FastEthernet4
Internet  192.168.254.1            -  e05f.b904.106c  ARPA   Vlan1
Internet  192.168.254.17          13  0024.d640.3818  ARPA   Vlan1
gw1#clear arp interface fastEthernet 4
04:44:55: ARP: flushing ARP entries for interface FastEthernet4
04:44:55: IP ARP: sent rep src 10.0.0.10 e05f.b904.1070, dst 10.0.0.10 ffff.ffff.ffff FastEthernet4
04:44:55: IP ARP: sent req src 10.0.0.10 e05f.b904.1070, dst 10.0.0.11 0024.be7b.6ee6 FastEthernet4
04:44:55: IP ARP: rcvd rep src 10.0.0.11 0024.be7b.6ee6, dst 10.0.0.10 FastEthernet4
gw1#ping 10.0.0.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.9, timeout is 2 seconds:
04:45:11: IP ARP: creating incomplete entry for IP address: 10.0.0.9 interface FastEthernet4
04:45:11: IP ARP: sent req src 10.0.0.10 e05f.b904.1070, dst 10.0.0.9 0000.0000.0000 FastEthernet4.
04:45:13: IP ARP: sent req src 10.0.0.10 e05f.b904.1070, dst 10.0.0.9 0000.0000.0000 FastEthernet4.
04:45:15: IP ARP: sent req src 10.0.0.10 e05f.b904.1070, dst 10.0.0.9 0000.0000.0000 FastEthernet4.
04:45:17: IP ARP: sent req src 10.0.0.10 e05f.b904.1070, dst 10.0.0.9 0000.0000.0000 FastEthernet4.
04:45:19: IP ARP: sent req src 10.0.0.10 e05f.b904.1070, dst 10.0.0.9 0000.0000.0000 FastEthernet4.
Success rate is 0 percent (0/5)
gw1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.9                 0  Incomplete      ARPA
Internet  10.0.0.10                -  e05f.b904.1070  ARPA   FastEthernet4
Internet  10.0.0.11                0  0024.be7b.6ee6  ARPA   FastEthernet4
Internet  192.168.254.1            -  e05f.b904.106c  ARPA   Vlan1
Internet  192.168.254.17          14  0024.d640.3818  ARPA   Vlan1
gw1#
__________________
Arenio
------------
Secure by Default

Last edited by Arenio; 15th September 2013 at 07:28 PM.