DaemonForums  

23rd October 2011
nocturnal
Problems configuring carp

CARP seems easy enough, I even have The Book of PF to help me with its 7th chapter where it's explained how to set it up.

I can't get it working though.

I wanted to learn how carp worked so I set up a new machine with 3 interfaces. Newly installed 4.9 sans x* and game* sets.

vic0 is connected to an internal network.

vic2 is connected to an external network.

I have 255 public IPv4 addresses to test with, and a Cisco Catalyst with a 4 hour ARP table timeout value. I felt it was important to mention this because I have had issues when the MAC address of an IP changes from, for example, physical to carp.

So I've made sure to test completely new IP addresses, I've even waited the 4 hours and I've tried different lladdr values.

Whatever I try I can seem to get my physical interfaces connected to both networks without problems, but any IP I set on a carp-interface, whether it be on the internal or external networks, remains unreachable.

pf.conf is default, and I've even tried pfctl -d just to be safe. When I sniff on both physical and carp-interface I get no ICMP packets at all if I ping the IP on the carp-interface. The physical works fine in either network. I've also tried having no IP on the physical carpdev.

net.inet.carp.allow=1, net.inet.carp.preempt=0. This is a single machine configuration that I wanted to get working before I moved on to more complex configurations. I assumed you could still use a carp pseudo interface even though there are no BACKUPs. I can see no errors in messages, only a message that the carp interface is going from BACKUP to MASTER.

The commands and hostname.if syntax I use can be seen in this article too.

openbsd.org/faq/faq6.html#CARP

It's really so generic and I've tried so many combinations of this that it feels pointless to show you.

inet 10.220.100.55 255.255.255.0 10.220.100.255 vhid 2 pass foobar carpdev vic0

and for vic0 I've used either no address or 10.220.100.54 for example. And I've done the same troubleshooting for vic2 where I've used public ipv4 addresses.

I have other hosts on the same network as the public IPs that work, and I have other hosts on the same internal network from where I can ping the internal IPs while they're on physical interfaces, but not on carp.

What on earth could I be missing here?!

Edit: I think I figured out what I was missing, namely promiscuous mode in vSwitch. This is a vSphere environment and when I tried to set up the same in my own VMware Fusion at home it asked me for my password to "monitor all network traffic" and worked. So after that I found several articles and VMware community posts about promiscuous mode in vSwitch needing to be on for CARP to work.

Last edited by nocturnal; 23rd October 2011 at 04:04 PM.
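
A diagnostic for the symptom described in the post, as an added example that is not part of the original thread: it derives the CARP virtual MAC (00:00:5e:00:01:<vhid in hex>) from a hostname.carp line and prints a tcpdump command for the carpdev. The function names are hypothetical; the sample line is the one quoted in the post.

```sh
#!/bin/sh
# Added example: check whether frames for a CARP virtual MAC reach the carpdev.
# Function names are hypothetical; nothing here comes from the original post
# except the sample hostname.carp line.

# carp_field LINE KEY: print the word that follows KEY (e.g. vhid, carpdev).
# Subshell body so that "set -f" (no globbing of the line) stays local.
carp_field() (
    set -f
    prev=
    for word in $1; do
        if [ "$prev" = "$2" ]; then
            printf '%s\n' "$word"
            return 0
        fi
        prev=$word
    done
    return 1
)

# carp_vmac VHID: print the virtual MAC, 00:00:5e:00:01:<vhid as two hex digits>.
# Rejects anything that is not a plain decimal number in 1..255.
carp_vmac() {
    case $1 in
        ''|0*|*[!0-9]*|????*) return 1 ;;
    esac
    [ "$1" -le 255 ] || return 1
    printf '00:00:5e:00:01:%02x\n' "$1"
}

# carp_check_cmd LINE: print a tcpdump command that shows only frames whose
# destination is the virtual MAC, captured on the physical carpdev.
carp_check_cmd() {
    vhid=$(carp_field "$1" vhid) || return 1
    dev=$(carp_field "$1" carpdev) || return 1
    mac=$(carp_vmac "$vhid") || return 1
    printf 'tcpdump -n -e -i %s ether dst %s\n' "$dev" "$mac"
}

# Sample input: the hostname.carp line quoted in the post.
SAMPLE='inet 10.220.100.55 255.255.255.0 10.220.100.255 vhid 2 pass foobar carpdev vic0'
carp_check_cmd "$SAMPLE"
```

If pinging the CARP address from another host shows no frames with that destination MAC on the carpdev, the virtual switch is not delivering them to the guest, which matches the promiscuous-mode fix described in the edit.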
All times are GMT.

