Problems configuring carp
CARP seems easy enough, I even have The Book of PF to help me with its 7th chapter where it's explained how to set it up.
I can't get it working though.
I wanted to learn how carp worked so I set up a new machine with 3 interfaces. Newly installed 4.9 sans x* and game* sets.
vic0 is connected to an internal network.
vic2 is connected to an external network.
I have 255 public ipv4 addresses to test with, and a Cisco catalyst with a 4 hour arp table timeout value. I felt it was important to mention this because I have had issues when the mac address of an IP changes from for example physical to carp.
So I've made sure to test completely new IP addresses, I've even waited the 4 hours and I've tried different lladdr values.
Whatever I try I can get my physical interfaces connected to both networks without problems, but any IP I set on a carp-interface, whether it be on the internal or external networks, remains unreachable.
Pf.conf is default, and I've even tried pfctl -d just to be safe. When I sniff on both physical and carp-interface I get no ICMP packets at all if I ping the ip on the carp-interface. The physical works fine in either network. I've also tried having no ip on the physical carpdev.
net.inet.carp.allow=1, net.inet.carp.preempt=0. This is a single machine configuration that I wanted to get working before I moved on to more complex configurations. I assumed you could still use a carp pseudo interface even though there are no BACKUPs. I can see no errors in messages, only a message that the carp interface is going from BACKUP to MASTER.
The commands and hostname.if syntax I use can be seen in this article too.
It's really so generic and I've tried so many combinations of this that it feels pointless to show you.
inet 10.220.100.55 255.255.255.0 10.220.100.255 vhid 2 pass foobar carpdev vic0
and for vic0 I've used either no address or 10.220.100.54 for example. And I've done the same troubleshooting for vic2 where I've used public ipv4 addresses.
I have other hosts on the same network as the public IPs that work, and I have other hosts on the same internal network from where I can ping the internal IPs while they're on physical interfaces, but not on carp.
What on earth could I be missing here?!
Edit: I think I figured out what I was missing, namely promiscuous mode in vSwitch. This is a vSphere environment and when I tried to set up the same in my own VMware Fusion at home it asked me for my password to "monitor all network traffic" and worked. So after that I found several articles and VMware community posts about promiscuous mode in vSwitch needing to be on for CARP to work.
Last edited by nocturnal; 23rd October 2011 at 04:04 PM.
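As an added example (not from the post, the book it cites, or the OpenBSD project), here is a POSIX shell script covering the checks a single-node CARP setup like the one above depends on: it parses the hostname.if line from the post, derives the virtual MAC 00:00:5e:00:01:<vhid> that CARP answers with for the shared address, and inspects `ifconfig carp0` output for MASTER state and that MAC. The interface name vic0, the address and vhid 2 come from the post; the sample ifconfig output is constructed for the offline run. The virtual MAC is why the vSwitch setting in the edit mattered: a virtual switch that only delivers frames addressed to the VM's own NIC MAC drops everything sent to the CARP MAC unless promiscuous mode is allowed, which is exactly the "no ICMP packets on either interface" symptom described.

```shell
#!/bin/sh
# Added example, not code from the original post: sanity checks for a
# single-node CARP interface on OpenBSD. vic0, 10.220.100.55 and vhid 2 are
# taken from the post; everything else is an assumption for illustration.

# Extract the fields that matter from a hostname.if CARP line and print them
# as "addr=... vhid=... carpdev=..." (the password is deliberately not echoed).
parse_carp_line() {
    set -- $1                      # split the line on whitespace
    addr=$2
    shift 4                        # skip "inet <addr> <mask> <broadcast>"
    vhid=""; carpdev=""
    while [ $# -gt 0 ]; do
        case $1 in
            vhid)    vhid=$2;    shift 2 ;;
            carpdev) carpdev=$2; shift 2 ;;
            pass)    shift 2 ;;    # skip the password and its value
            *)       shift ;;
        esac
    done
    printf 'addr=%s vhid=%s carpdev=%s\n' "$addr" "$vhid" "$carpdev"
}

# CARP answers ARP for the shared address with the virtual MAC
# 00:00:5e:00:01:<vhid>, not the physical NIC's MAC. A switch port or vSwitch
# that only forwards frames addressed to the VM's own MAC drops this traffic.
carp_vmac() {
    printf '00:00:5e:00:01:%02x\n' "$1"
}

# Given the text of "ifconfig carpN", print the CARP state (MASTER, BACKUP,
# INIT) or MISSING when the output has no carp line at all.
carp_state() {
    state=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*carp: \([A-Z]*\).*/\1/p')
    printf '%s\n' "${state:-MISSING}"
}

# Succeed when the ifconfig output carries the expected virtual MAC for vhid $2.
has_vmac() {
    printf '%s\n' "$1" | grep -q "lladdr $(carp_vmac "$2")"
}

# Constructed sample of "ifconfig carp0" output for a vic0-backed vhid 2
# interface, so the checks can be exercised away from an OpenBSD box.
SAMPLE='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        carp: MASTER carpdev vic0 vhid 2 advbase 1 advskew 0
        groups: carp
        inet 10.220.100.55 netmask 0xffffff00 broadcast 10.220.100.255'

# Run the checks against live "ifconfig carp0" output when the interface
# exists on this host, otherwise against SAMPLE. $1 is the expected vhid.
check_carp() {
    want=$1
    if out=$(ifconfig carp0 2>/dev/null); then :; else out=$SAMPLE; fi
    st=$(carp_state "$out")
    [ "$st" = MASTER ] || { echo "carp0 is $st, not MASTER"; return 1; }
    has_vmac "$out" "$want" || { echo "carp0 does not use $(carp_vmac "$want")"; return 1; }
    echo "carp0 is MASTER with virtual MAC $(carp_vmac "$want")"
    echo "if the address still does not answer, frames for that MAC are being dropped between switch and VM"
}

# Stand-alone run: show the parsed config, the expected MAC, and the checks.
parse_carp_line 'inet 10.220.100.55 255.255.255.0 10.220.100.255 vhid 2 pass foobar carpdev vic0'
carp_vmac 2
check_carp 2
```

On the live machine, run the script after `sh /etc/netstart carp0`; the OpenBSD FAQ's `tcpdump -n -i vic0 proto carp` then shows whether advertisements actually leave the carpdev, and a MASTER interface with the right MAC that still does not answer points at the layer below the host, which is what the vSwitch promiscuous-mode setting controls.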