Carp problems in testing releases
-
Have you asked someone to MFC those patches to RELENG_6? I would rather not add any more custom patches to our current roster.
-
Have you asked someone to MFC those patches to RELENG_6? I would rather not add any more custom patches to our current roster.
I already opened a support ticket on Intel, they was not able to reproduce the problem, so they wanted me to send them full TCP dump, but now I sent them that link, we'll see, what can be done.
/jan
-
I have two nodes with a dual copper gigabit card with vlans and carp in em0. Had similar problem, but now they are working fine.
From dmesg:
em0: <intel(r) 1000="" pro="" network="" connection="" version="" -="" 3.2.18="">port 0x2400-0x243f mem 0xfe060000-0xfe07ffff,0xfe080000-0xfe0bffff irq 24 at device 5.0 on pci2
em0: Ethernet address: 00:04:23:c2:25:42
em1: <intel(r) 1000="" pro="" network="" connection="" version="" -="" 3.2.18="">port 0x2440-0x247f mem 0xfe100000-0xfe11ffff,0xfe0c0000-0xfe0fffff irq 25 at device 5.1 on pci2
em1: Ethernet address: 00:04:23:c2:25:43See http://forum.pfsense.org/index.php?topic=752.0</intel(r)></intel(r)>
-
I have two nodes with a dual copper gigabit card with vlans and carp in em0. Had similar problem, but now they are working fine.
Copper runs fine, FC is a problem…
/jan
-
My machine occasionaly produce kernel error when I delete or create a new CARP.
I missed to write down the error log, because the server stuck and restart by it self.
After restart, it self check the file structure, found and fix some error in some files.
Then my pfsense configuration is broke with the error "could not find xml configuration", and I must reinstall that machine. :'( :'( :'( -
I have two nodes with a dual copper gigabit card with vlans and carp in em0. Had similar problem, but now they are working fine.
From dmesg:
em0: <intel(r) 1000="" pro="" network="" connection="" version="" -="" 3.2.18="">port 0x2400-0x243f mem 0xfe060000-0xfe07ffff,0xfe080000-0xfe0bffff irq 24 at device 5.0 on pci2
em0: Ethernet address: 00:04:23:c2:25:42
em1: <intel(r) 1000="" pro="" network="" connection="" version="" -="" 3.2.18="">port 0x2440-0x247f mem 0xfe100000-0xfe11ffff,0xfe0c0000-0xfe0fffff irq 25 at device 5.1 on pci2
em1: Ethernet address: 00:04:23:c2:25:43See http://forum.pfsense.org/index.php?topic=752.0</intel(r)></intel(r)>
Hello… yes, solution on that link solved quite a bit of a problem, I did an CVS update and behaviour changed dramatically. Now CARP interfaces on FC em2 are not anymore in INIT state, but in weird state. advskew is normal (0 on master and 100 on slave), but states are all MASTER on slave node and some of them MASTER on master node and some of them SLAVE on master node...
I feel like in release 0.96, CARP on VLAN behaved exactly the same on copper interfaces :)
snap from ifconfig on master node:
carp0: flags=49 <up,loopback,running>mtu 1500
inet 192.168.222.1 netmask 0xffffff00
carp: BACKUP vhid 1 advbase 1 advskew 0
carp1: flags=49 <up,loopback,running>mtu 1500
inet 192.168.223.1 netmask 0xffffffff
carp: MASTER vhid 2 advbase 1 advskew 0
carp2: flags=49 <up,loopback,running>mtu 1500
inet 192.168.224.1 netmask 0xffffff00
carp: MASTER vhid 3 advbase 1 advskew 0
carp3: flags=49 <up,loopback,running>mtu 1500
inet 81.24.100.7 netmask 0xfffffff0
carp: BACKUP vhid 4 advbase 1 advskew 0snap from ifconfig on slave mode:
carp0: flags=49 <up,loopback,running>mtu 1500
inet 192.168.222.1 netmask 0xffffff00
carp: MASTER vhid 1 advbase 1 advskew 100
carp1: flags=49 <up,loopback,running>mtu 1500
inet 192.168.223.1 netmask 0xffffffff
carp: MASTER vhid 2 advbase 1 advskew 100
carp2: flags=49 <up,loopback,running>mtu 1500
inet 192.168.224.1 netmask 0xffffff00
carp: MASTER vhid 3 advbase 1 advskew 100
carp3: flags=49 <up,loopback,running>mtu 1500
inet 81.24.100.7 netmask 0xfffffff0
carp: MASTER vhid 4 advbase 1 advskew 100I also have tcpdump from em0 interface, when I enable CARP on slave and master goes from all MASTER to woohooo, if somebody is interested.
http://haktar.select-tech.si/em2.dump.txt/jan</up,loopback,running></up,loopback,running></up,loopback,running></up,loopback,running></up,loopback,running></up,loopback,running></up,loopback,running></up,loopback,running>
-
If the interfaces are in different states then pfsync is not communicating properly.
A couple things to check:
1. Use a dedicated sync interface and add allow all rules on it. Set the sync interfaces into their own subnet 192.168.5.1 and 192.168.5.2 /24 so that they can communicate.
2. Ping the other interface from each of the boxes to ensure connectivity (ping the 192.168.5.X ips) -
If the interfaces are in different states then pfsync is not communicating properly.
A couple things to check:
1. Use a dedicated sync interface and add allow all rules on it. Set the sync interfaces into their own subnet 192.168.5.1 and 192.168.5.2 /24 so that they can communicate.
2. Ping the other interface from each of the boxes to ensure connectivity (ping the 192.168.5.X ips)All checked. I use dedicated sync interface, connected with cross cable. 10.0.2.0/24 (.2 and .3) IP addreses used on that interfaces.
Can ping each other on that interfaces.
I created CARP addresses on primary and those addreses were synced over to slave host.
Also Rules are synced with no issues…
Sullrich, if you like, I can give you access to hosts in question, they are not production firewalls, their purpose is only to test those FC cards with pfsense...
/jan
-
Yes, go ahead and email me the information.
-