CARP + CISCO router don't work with each other

Posted by Arenio, 14th September 2013

Hello!

I've got a problem getting OpenBSD CARP and a CISCO router to cooperate.
First, there are several cases for setting up failover and load balancing.
Let me introduce one of them. The "diagram" below depicts the general network concept.

--------re0--------carp0(re1)
ISP1----[OpenBSD+CARP]----\ SWI _____CISCO<<<-----LAN
ISP2----[OpenBSD+CARP]---- /TCH-------Fe0/1
--------re0--------carp0(re1)----\
-----------------------------------PC
carp0: 10.0.0.9/29
Fe0/1: 10.0.0.10/29
PC: 10.0.0.11/29

One of the configurations doesn't work, and it is the one I need (the second below).
Thanks for your help or any suggestions.

1st (working)

ISP1:
Code:
# ifconfig
re1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:a7:05:ab:bd
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.0.0.1 netmask 0xfffffff8 broadcast 10.0.0.7
        inet6 fe80::204:a7ff:fe05:abbd%re1 prefixlen 64 scopeid 0x2
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:01
        priority: 0
        carp: MASTER carpdev re1 vhid 1 advbase 1 advskew 0
        groups: carp
        status: master
        inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x9
        inet 10.0.0.9 netmask 0xfffffff8 broadcast 10.0.0.15
# cat /etc/hostname.carp0
inet 10.0.0.9 255.255.255.248 10.0.0.15 vhid 1 pass arenio carpdev re1
# arp -a
? (10.0.0.2) at 00:04:a7:05:ab:cf on re1
? (10.0.0.10) at e0:5f:b9:04:10:70 on carp0
? (10.0.0.11) at 00:24:be:7b:6e:e6 on carp0

ISP2 is the same except for the MACs and re1 inet 10.0.0.2.



2nd (not working). I mean the CISCO router cannot ping the 10.0.0.9 IP address and back, whereas the above configuration works correctly and the IP address is pingable. In other words, one of the hosts (PC-Windows) pings 10.0.0.9 correctly in both cases.

ISP1:
Code:
# ifconfig
re1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:a7:05:ab:bd
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.0.0.1 netmask 0xfffffff8 broadcast 10.0.0.7
        inet6 fe80::204:a7ff:fe05:abbd%re1 prefixlen 64 scopeid 0x2
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 01:00:5e:00:01:01
        priority: 0
        carp: carpdev re1 advbase 1 balancing ip
                state MASTER vhid 1 advskew 0
                state BACKUP vhid 2 advskew 100
        groups: carp
        status: master
        inet6 fe80::204:a7ff:fe05:abbc%carp0 prefixlen 64 scopeid 0x9
        inet 10.0.0.9 netmask 0xfffffff8 broadcast 10.0.0.15
# cat /etc/hostname.carp0
inet 10.0.0.9 255.255.255.248 10.0.0.15 balancing ip carpnodes 1:0,2:100 pass arek carpdev re1
# arp -a
? (10.0.0.11) at 00:24:be:7b:6e:e6 on carp0

ISP2:
Code:
#:~> ifconfig
re1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:a7:05:ab:cf
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.0.0.2 netmask 0xfffffff8 broadcast 10.0.0.7
        inet6 fe80::204:a7ff:fe05:abcf%re1 prefixlen 64 scopeid 0x2
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 01:00:5e:00:01:01
        priority: 0
        carp: carpdev re1 advbase 1 balancing ip
                state BACKUP vhid 1 advskew 100
                state MASTER vhid 2 advskew 0
        groups: carp
        status: backup
        inet6 fe80::204:a7ff:fe05:abce%carp0 prefixlen 64 scopeid 0x9
        inet 10.0.0.9 netmask 0xfffffff8 broadcast 10.0.0.15
#:~> cat /etc/hostname.carp0
inet 10.0.0.9 255.255.255.248 10.0.0.15 balancing ip carpnodes 2:0,1:100 pass arek carpdev re1
#:~> arp -a
? (10.0.0.1) at 00:04:a7:05:ab:bd on re1
? (10.0.0.11) at 00:24:be:7b:6e:e6 on carp0

It seems that the router sends ICMP packets but OpenBSD doesn't reply.

Code:
gw1#debug ip icmp
ICMP packet debugging is on
gw1#
02:07:14: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:15: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:16: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:17: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:18: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:19: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:20: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:21: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:22: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:23: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:24: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:25: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.9, topology BASE, dscp 0 topoid 0
02:07:40: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.11, topology BASE, dscp 0 topoid 0
02:07:41: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.11, topology BASE, dscp 0 topoid 0
02:07:42: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.11, topology BASE, dscp 0 topoid 0
02:07:43: ICMP: echo reply sent, src 10.0.0.10, dst 10.0.0.11, topology BASE, dscp 0 topoid 0

And packets from the CISCO router are not correctly routed on the network.

Code:
# tcpdump -n -e -ttt -i carp0 icmp
tcpdump: listening on carp0, link-type EN10MB
Sep 14 19:43:40.306166 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:43:41.306917 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:43:42.308248 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:43:43.310005 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
^C
103 packets received by filter
0 packets dropped by kernel
# tcpdump -n -e -ttt -i re1 icmp
tcpdump: listening on re1, link-type EN10MB
Sep 14 19:44:16.412720 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:18.410253 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:20.410299 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:22.410344 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:24.410389 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:30.520657 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:44:30.520723 00:04:a7:05:ab:bd 00:24:be:7b:6e:e6 0800 74: 10.0.0.9 > 10.0.0.11: icmp: echo reply
Sep 14 19:44:31.523496 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:44:31.523538 00:04:a7:05:ab:bd 00:24:be:7b:6e:e6 0800 74: 10.0.0.9 > 10.0.0.11: icmp: echo reply
Sep 14 19:44:32.527124 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:44:32.527167 00:04:a7:05:ab:bd 00:24:be:7b:6e:e6 0800 74: 10.0.0.9 > 10.0.0.11: icmp: echo reply
Sep 14 19:44:33.529034 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:44:33.529077 00:04:a7:05:ab:bd 00:24:be:7b:6e:e6 0800 74: 10.0.0.9 > 10.0.0.11: icmp: echo reply
^C
190 packets received by filter
0 packets dropped by kernel
#

Route table from OpenBSD (ISP1).
Code:
# route show
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            89-77-172-x.dynami UGS        0     6006     -     8 re0
10.0.0.0/29        link#2             UC         0        0     -     4 re1
10.0.0.8/29        link#9             UC         1        0     -     4 carp0
10.0.0.11          00:24:be:7b:6e:e6  UHLc       1    55994     -     4 carp0
89-77-172-x.dynami link#1             UC         1        0     -     4 re0
89-77-172-y.dynami 00:17:10:02:48:0f  UHLc       1        0     -     4 re0
loopback           localhost          UGRS       0        0 33196     8 lo0
localhost          localhost          UH         1        0 33196     4 lo0
BASE-ADDRESS.MCAST localhost          URS        0        0 33196     8 lo0

Route table from OpenBSD (ISP2).
Code:
:~> route show
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            46.31.34.z         UGS        0    42373     -     8 re0
10.0.0.0/29        link#2             UC         0        0     -     4 re1
10.0.0.8/29        link#9             C          3        0     -     4 carp0
10.0.0.9           01:00:5e:00:01:01  HLc        0        6     -     4 lo0
10.0.0.10          e0:5f:b9:04:10:70  HLc        0       20     -     4 carp0
10.0.0.11          00:24:be:7b:6e:e6  HLc        1   130154     -     4 carp0
46.31.34/24        link#1             UC         1        0     -     4 re0
46.31.34.x         00:17:10:03:0c:4f  UHLc       1        0     -     4 re0
46.31.34.y        localhost          UGHS       0        0 33196     8 lo0
46.31.34.z        localhost          UGHS       0        0 33196     8 lo0
loopback           localhost          UGRS       0        0 33196     8 lo0
localhost          localhost          UH         3        0 33196     4 lo0
192.168.4/24       link#6             C          0        0     -     4 rl3
BASE-ADDRESS.MCAST localhost          URS        0        0 33196     8 lo0

Somewhat confusing: the CISCO router recognizes a different MAC address than the actual one.
Please look below. The MAC address has to be 0100.5e00.0101.
Code:
gw1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.9              168   0000.5e00.0101  ARPA   FastEthernet4
Internet  10.0.0.10               -   e05f.b904.1070  ARPA   FastEthernet4
Internet  10.0.0.11               0   0024.be7b.6ee6  ARPA   FastEthernet4

More CISCO debug.
Code:
gw1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.10               -   e05f.b904.1070  ARPA   FastEthernet4
Internet  10.0.0.11               1   0024.be7b.6ee6  ARPA   FastEthernet4
Internet  192.168.254.1           -   e05f.b904.106c  ARPA   Vlan1
Internet  192.168.254.17         13   0024.d640.3818  ARPA   Vlan1
gw1#clear arp interface fastEthernet 4
04:44:55: ARP: flushing ARP entries for interface FastEthernet4
04:44:55: IP ARP: sent rep src 10.0.0.10 e05f.b904.1070,
                 dst 10.0.0.10 ffff.ffff.ffff FastEthernet4
04:44:55: IP ARP: sent req src 10.0.0.10 e05f.b904.1070,
                 dst 10.0.0.11 0024.be7b.6ee6 FastEthernet4
04:44:55: IP ARP: rcvd rep src 10.0.0.11 0024.be7b.6ee6, dst 10.0.0.10 FastEthernet4
gw1#ping 10.0.0.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.9, timeout is 2 seconds:

04:45:11: IP ARP: creating incomplete entry for IP address: 10.0.0.9 interface FastEthernet4
04:45:11: IP ARP: sent req src 10.0.0.10 e05f.b904.1070,
                 dst 10.0.0.9 0000.0000.0000 FastEthernet4.
04:45:13: IP ARP: sent req src 10.0.0.10 e05f.b904.1070,
                 dst 10.0.0.9 0000.0000.0000 FastEthernet4.
04:45:15: IP ARP: sent req src 10.0.0.10 e05f.b904.1070,
                 dst 10.0.0.9 0000.0000.0000 FastEthernet4.
04:45:17: IP ARP: sent req src 10.0.0.10 e05f.b904.1070,
                 dst 10.0.0.9 0000.0000.0000 FastEthernet4.
04:45:19: IP ARP: sent req src 10.0.0.10 e05f.b904.1070,
                 dst 10.0.0.9 0000.0000.0000 FastEthernet4.
Success rate is 0 percent (0/5)
gw1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.9                0   Incomplete      ARPA
Internet  10.0.0.10               -   e05f.b904.1070  ARPA   FastEthernet4
Internet  10.0.0.11               0   0024.be7b.6ee6  ARPA   FastEthernet4
Internet  192.168.254.1           -   e05f.b904.106c  ARPA   Vlan1
Internet  192.168.254.17         14   0024.d640.3818  ARPA   Vlan1
gw1#
__________________
Arenio

------------
Secure by Default

Last edited by Arenio; 15th September 2013 at 07:28 PM.
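
A small parser for the `tcpdump -n -e` output in the post above, added here as an example and not part of the original post: it groups echo requests to the CARP address by sender, records which destination MAC each sender used, and flags senders that get no reply while addressing a MAC other than the carp0 lladdr. The capture lines are copied from the re1 trace in the post; the function and variable names are assumptions.

```python
import re
from collections import defaultdict

VIP = "10.0.0.9"
CARP_LLADDR = "01:00:5e:00:01:01"  # carp0 lladdr shown by ifconfig in "balancing ip" mode
# Lines copied from the `tcpdump -n -e -ttt -i re1 icmp` capture in the post.
CAPTURE = """\
Sep 14 19:44:16.412720 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:18.410253 e0:5f:b9:04:10:70 00:00:5e:00:01:01 0800 114: 10.0.0.10 > 10.0.0.9: icmp: echo request
Sep 14 19:44:30.520657 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:44:30.520723 00:04:a7:05:ab:bd 00:24:be:7b:6e:e6 0800 74: 10.0.0.9 > 10.0.0.11: icmp: echo reply
Sep 14 19:44:31.523496 00:24:be:7b:6e:e6 01:00:5e:00:01:01 0800 74: 10.0.0.11 > 10.0.0.9: icmp: echo request
Sep 14 19:44:31.523538 00:04:a7:05:ab:bd 00:24:be:7b:6e:e6 0800 74: 10.0.0.9 > 10.0.0.11: icmp: echo reply
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME = re.compile(
    rf"(?P<smac>{MAC}) (?P<dmac>{MAC}) 0800 \d+: "
    r"(?P<sip>[\d.]+) > (?P<dip>[\d.]+): icmp: echo (?P<kind>request|reply)"
)

def summarize(capture, vip=VIP, lladdr=CARP_LLADDR):
    """Per client of the VIP: (requests, replies, verdict)."""
    stats = defaultdict(lambda: {"dmacs": set(), "requests": 0, "replies": 0})
    for line in capture.splitlines():
        m = FRAME.search(line)
        if not m:
            continue  # not an ICMP echo frame in tcpdump -e format
        if m["kind"] == "request" and m["dip"] == vip:
            s = stats[m["sip"]]
            s["dmacs"].add(m["dmac"])  # link-layer address the client resolved for the VIP
            s["requests"] += 1
        elif m["kind"] == "reply" and m["sip"] == vip:
            stats[m["dip"]]["replies"] += 1
    report = {}
    for client, s in stats.items():
        wrong = sorted(s["dmacs"] - {lladdr})
        if wrong and s["replies"] == 0:
            verdict = "unanswered, frames sent to " + ", ".join(wrong)
        elif s["replies"] < s["requests"]:
            verdict = "missing replies"
        else:
            verdict = "ok"
        report[client] = (s["requests"], s["replies"], verdict)
    return report

if __name__ == "__main__":
    for client, row in sorted(summarize(CAPTURE).items()):
        print(client, *row)
```

On the lines from the post, the router (10.0.0.10) is flagged because its frames go to 00:00:5e:00:01:01, while the PC (10.0.0.11) addresses the carp0 lladdr and is answered.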