Problems configuring carp
CARP seems easy enough, I even have The Book of PF to help me with its 7th chapter where it's explained how to set it up.
I can't get it working though. I wanted to learn how CARP worked so I set up a new machine with 3 interfaces. Newly installed 4.9 sans x* and game* sets. vic0 is connected to an internal network. vic2 is connected to an external network. I have 255 public IPv4 addresses to test with, and a Cisco Catalyst with a 4 hour ARP table timeout value. I felt it was important to mention this because I have had issues when the MAC address of an IP changes from, for example, physical to carp. So I've made sure to test completely new IP addresses, I've even waited the 4 hours and I've tried different lladdr values.

Whatever I try I can seem to get my physical interfaces connected to both networks without problems, but any IP I set on a carp interface, whether it be on the internal or external networks, remains unreachable. pf.conf is default, and I've even tried pfctl -d just to be safe. When I sniff on both the physical and the carp interface I get no ICMP packets at all if I ping the IP on the carp interface. The physical works fine in either network. I've also tried having no IP on the physical carpdev. net.inet.carp.allow=1, net.inet.carp.preempt=0.

This is a single machine configuration that I wanted to get working before I moved on to more complex configurations. I assumed you could still use a carp pseudo interface even though there are no BACKUPs. I can see no errors in messages, only a message that the carp interface is going from BACKUP to MASTER.

The commands and hostname.if syntax I use can be seen in this article too: openbsd.org/faq/faq6.html#CARP. It's really so generic and I've tried so many combinations of this that it feels pointless to show you.

    inet 10.220.100.55 255.255.255.0 10.220.100.255 vhid 2 pass foobar carpdev vic0

And for vic0 I've used either no address or 10.220.100.54, for example. And I've done the same troubleshooting for vic2, where I've used public IPv4 addresses.

I have other hosts on the same network as the public IPs that work, and I have other hosts on the same internal network from where I can ping the internal IPs while they're on physical interfaces, but not on carp. What on earth could I be missing here?!

Edit: I think I figured out what I was missing, namely promiscuous mode in vSwitch. This is a vSphere environment, and when I tried to set up the same in my own VMware Fusion at home it asked me for my password to "monitor all network traffic" and worked. So after that I found several articles and VMware community posts about promiscuous mode in vSwitch needing to be on for CARP to work.

Last edited by nocturnal; 23rd October 2011 at 04:04 PM.