Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    After Update from 2.2 to 2.2.1 Carp makes strange things - IPv6

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    11 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      masterd01
      last edited by

      Guys, i have a big problem after Update from 2.2 to 2.2.1 with the Carp. First of all: The Carp before the Update work's great with about 20 Interfaces. IPv4 and IPv6 - thats importend to know. The two Servers (i386) work in HA-Service. The first one replicate to the second one. Config and States. Again: No probs at all

      After Update from 2.2. to 2.2.1 the Carp has a Problem with two IPv6 Interfaces. But only on the Backup-Unit. The Master has the virtual IP active. On the Backup-Server the IP-Adresses are shown as slave - IPv4 and IPv6. But only two IPv6 Interfaces has NO (!) Status. Not Active and not Backup. Nothing. These Interfaces does a job i don't unterstand. They are on the way to be Split Brains. The Traffic issn't transport correctly from the master. That state is reproduceble after a short time of activation. Switchover is also working, than the unknown-state-Ifs go to up.
      Deactivation Carp or Maintainance-Mode aren't working for that Problem! - Only to shutdown the Server completly is still my solution.
      I deleted the "Problem-IFs" on the Master so it was also deleted on the slave. After adding it again the Mysterium start's again.
      summarized: to ipv6 stays in a unknown state and i don't know how to make it right. the others are okay.

      Should it be a bug?

      Any Ideas?

      Thanks a lot

      1 Reply Last reply Reply Quote 0
      • M Offline
        masterd01
        last edited by

        Hello? Any Ideas?

        1 Reply Last reply Reply Quote 0
        • C Offline
          cmb
          last edited by

          Is there anything related to the affected IPs in the system log?

          The only reason they wouldn't show in the CARP status page is if they're not configured on the interface. What does the output of 'ifconfig' look like?

          1 Reply Last reply Reply Quote 0
          • M Offline
            masterd01
            last edited by

            Hi,

            for a time it is okay (Screenshot), after that the Interface on the Backup there is no State for the IPv6 if (Second Screenshot).
            In the Logfile i see some Records. But i don't know if there are depends on that.

            Apr 2 10:00:45 kernel: carp: demoted by 0 to 0 (pfsync bulk start)
            Apr 2 10:00:45 kernel: ifa_del_loopback_route: deletion failed: 3
            Apr 2 10:00:45 kernel: ifa_del_loopback_route: deletion failed: 3
            Apr 2 10:00:45 kernel: carp: VHID 6@em3: INIT -> BACKUP
            Apr 2 08:00:45 check_reload_status: Carp backup event
            Apr 2 10:00:45 kernel: carp: VHID 5@bce1: INIT -> BACKUP

            Thanks,

            MasterD

            carp-ok.JPG
            carp-ok.JPG_thumb
            carp-fehler.JPG
            carp-fehler.JPG_thumb

            1 Reply Last reply Reply Quote 0
            • C Offline
              cmb
              last edited by

              Where they're not showing status like that, it's because they're missing or showing some odd status. The output of "ifconfig" is necessary to tell what's happening.

              1 Reply Last reply Reply Quote 0
              • M Offline
                masterd01
                last edited by

                Hi,

                here is the Output of the ifconfig (as Snap).

                Works:

                bce1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
        options=c00bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate>ether 00:1a:64:7a:52:b0
        inet6 fe80::21a:64ff:fe7a:52b0%bce1 prefixlen 64 scopeid 0x6
        inet ***IPv4***.12 netmask 0xfffffff8 broadcast ***IPv4***.15
        inet6 2a00:***IPv6***f2 prefixlen 64
        inet ***IPv4***.10 netmask 0xfffffff8 broadcast ***IPv4***.15 vhid 2
        inet6 2a00:***IPv6***f0 prefixlen 64 vhid 5
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        carp: BACKUP vhid 2 advbase 1 advskew 101
        carp: BACKUP vhid 5 advbase 1 advskew 101
pflog0: flags=100 <promisc>metric 0 mtu 33144
pfsync0: flags=41 <up,running>metric 0 mtu 1500
        pfsync: syncdev: bce0 syncpeer: ***PEERIP***.11 maxupd: 128 defer: on
        syncok: 1</up,running></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate></up,broadcast,running,promisc,simplex,multicast>

                After a Time:

                bce1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
        options=c00bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate>ether 00:1a:64:7a:52:b0
        inet6 fe80::21a:64ff:fe7a:52b0%bce1 prefixlen 64 scopeid 0x6
        inet ***IPv4***.12 netmask 0xfffffff8 broadcast ***IPv4***.15
        inet6 2a00:***IPv6***f2 prefixlen 64
        inet ***IPv4***.10 netmask 0xfffffff8 broadcast ***IPv4***.15 vhid 2
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        carp: BACKUP vhid 2 advbase 1 advskew 101
pflog0: flags=100 <promisc>metric 0 mtu 33144
pfsync0: flags=41 <up,running>metric 0 mtu 1500
        pfsync: syncdev: bce0 syncpeer: ***PEERIP***.11 maxupd: 128 defer: on
        syncok: 1</up,running></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate></up,broadcast,running,promisc,simplex,multicast>

                The virtual IPv6-IF is missing there.

                In the Logfile i only see this:

                Apr 5 00:05:29 	php-fpm[78361]: /rc.filter_configure_sync: Could not find IPv6 gateway for interface (opt2).
Apr 5 00:05:28 	kernel: carp: demoted by 0 to 0 (pfsync bulk done)
Apr 5 00:05:28 	php-fpm[8462]: /xmlrpc.php: Resyncing OpenVPN instances.
Apr 5 00:05:28 	php-fpm[8462]: /xmlrpc.php: ROUTING: setting IPv6 default route to 2A00:***IPv6GW*:1
Apr 5 00:05:28 	php-fpm[8462]: /xmlrpc.php: ROUTING: setting default route to ***IPv4Gw***.9
Apr 5 00:05:28 	check_reload_status: Reloading filter
Apr 5 00:05:28 	php-fpm[78361]: /xmlrpc.php: Configuring CARP settings finalize...
Apr 5 00:05:28 	php-fpm[78361]: /xmlrpc.php: pfsync done in 0 seconds.
Apr 5 00:05:28 	php-fpm[78361]: /xmlrpc.php: waiting for pfsync...
Apr 5 00:05:27 	kernel: carp: demoted by 0 to 0 (pfsync bulk start)
Apr 5 00:05:27 	kernel: ifa_del_loopback_route: deletion failed: 3
Apr 5 00:05:27 	kernel: ifa_del_loopback_route: deletion failed: 3
Apr 5 00:05:27 	kernel: ifa_del_loopback_route: deletion failed: 3

                Greeting

                1 Reply Last reply Reply Quote 0
                • M Offline
                  masterd01
                  last edited by

                  Update: I found out, that if i do a change on the first firewall the XMLRPC Sync make the two IPv6-IFs invisible. After some tests i found out, that the Problem comes if i activated the VIP-Config-Transfer from the Master to Slave-Config

                  1 Reply Last reply Reply Quote 0
                  • C Offline
                    cmb
                    last edited by

                    I figured it was the config sync doing it, the question is why. It's not a general issue. I'm guessing if you go to Firewall>Virtual IPs on the secondary, edit (no need to change anything), save, and apply changes, it shows up there fine?

                    There's something about your config that makes it not work, but it isn't clear what. Could you get me a config backup from both systems, or get me remote access to them?

                    1 Reply Last reply Reply Quote 0
                    • M Offline
                      masterd01
                      last edited by

                      Yes that's true. If i chance something on the slave the IFs going up. So i had stop syncing the Virtual-IPs from the master and everything is good.
                      I send you a backup of the systems via EMail - is more secure :-)

                      1 Reply Last reply Reply Quote 0
                      • M Offline
                        masterd01
                        last edited by

                        Hi,

                        after Update to the 2.2.2 the Problem is still existing. Any ideas or solution?

                        Thanks a lot

                        1 Reply Last reply Reply Quote 0
                        • C Offline
                          cmb
                          last edited by

                          Your config is unusual, and technically incorrect probably with the /128 IPs on the interfaces. I believe if you put an IP within the /64 of the CARP VIP on each interface instead of that /128, it will likely work fine.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.