Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP preempt does't work

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    18 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DerelictD
      Derelict LAYER 8 Netgate
      last edited by

      You'll have to see if the CARP advertisements are actually arriving on the secondary in that case.

      Mar 12 17:08:28 kernel arp: 10.0.0.1 moved from 00:00:5e:00:01:02 to 00:08:a2:0e:10:f0 on mvneta1

      That should never happen. There should never be anything responding to ARP on a CARP VIP with an IS AT anything but the CARP MAC. What is at MAC Address 00:08:a2:0e:10:f0

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      1 Reply Last reply Reply Quote 0
      • M
        mylos
        last edited by

        WAP VIP
        10.0.5.82 at 0:0:5e:0:1:1
        WAN Master
        10.0.5.83 at 0:8:a2:0e:10:4f
        WAN Slave
        10.0.5.84 at 0:8:a2:e:10:f1
        LAN VIP
        10.0.0.1 at 0:0:5e:0:1:2
        LAN Master
        10.0.0.2 at 0:8:a2:e:10:4e
        LAN Slave
        10.0.0.3 at 0:8:a2:e:10:f0

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          Take a really good look at the configuration of the secondary.

          Packet capture a bunch of ARP during failover tests and take a good look at that. There should never be an ARP IS AT response for a CARP VIP that contains an interface MAC as the payload. It will be sourced from the interface MAC but contain the CARP Mac. If there is I would like to see the capture.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • M
            mylos
            last edited by

            Operation: unplug the WAN cable on the Master

            Packet capture on LAN on slave
            17:34:48.781554 ARP, Request who-has 10.0.0.1 tell 10.0.0.1, length 28
            17:34:48.781952 ARP, Reply 10.0.0.1 is-at 00:08:a2:0e:10:4e, length 46
            17:34:50.173825 ARP, Request who-has 10.0.0.1 tell 10.0.0.1, length 46
            17:34:50.173860 ARP, Reply 10.0.0.1 is-at 00:08:a2:0e:10:f0, length 28

            Packet capture on LAN on master
            17:34:48.783981 ARP, Request who-has 10.0.0.1 tell 10.0.0.1, length 46
            17:34:48.784012 ARP, Reply 10.0.0.1 is-at 00:08:a2:0e:10:4e, length 28
            17:34:50.175740 ARP, Request who-has 10.0.0.1 tell 10.0.0.1, length 28
            17:34:50.176185 ARP, Reply 10.0.0.1 is-at 00:08:a2:0e:10:f0, length 46

            Slave before failover
            mvneta1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM>
            ether 00:08:a2:0e:10:f0
            hwaddr 00:08:a2:0e:10:f0
            inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255
            inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 vhid 2
            inet6 fe80::1:1%mvneta1 prefixlen 64 scopeid 0x2
            carp: BACKUP vhid 2 advbase 1 advskew 100
            media: Ethernet 2500Base-KX <full-duplex>
            status: active
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            mvneta2: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
            ether 00:08:a2:0e:10:f1
            hwaddr 00:08:a2:0e:10:f1
            inet6 fe80::208:a2ff:fe0e:10f1%mvneta2 prefixlen 64 scopeid 0x8
            inet 10.0.5.84 netmask 0xffffff00 broadcast 10.0.5.255
            inet 10.0.5.82 netmask 0xffffff00 broadcast 10.0.5.255 vhid 1
            carp: BACKUP vhid 1 advbase 1 advskew 100
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
            nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

            Master before failover
            mvneta1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM>
            ether 00:08:a2:0e:10:4e
            hwaddr 00:08:a2:0e:10:4e
            inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
            inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 vhid 2
            inet6 fe80::1:1%mvneta1 prefixlen 64 scopeid 0x2
            carp: MASTER vhid 2 advbase 1 advskew 0
            media: Ethernet 2500Base-KX <full-duplex>
            status: active
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            mvneta2: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
            ether 00:08:a2:0e:10:4f
            hwaddr 00:08:a2:0e:10:4f
            inet6 fe80::208:a2ff:fe0e:104f%mvneta2 prefixlen 64 scopeid 0x8
            inet 10.0.5.83 netmask 0xffffff00 broadcast 10.0.5.255
            inet 10.0.5.82 netmask 0xffffff00 broadcast 10.0.5.255 vhid 1
            carp: MASTER vhid 1 advbase 1 advskew 0
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
            nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

            slave after failover
            mvneta1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM>
            ether 00:08:a2:0e:10:f0
            hwaddr 00:08:a2:0e:10:f0
            inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255
            inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 vhid 2
            inet6 fe80::1:1%mvneta1 prefixlen 64 scopeid 0x2
            carp: BACKUP vhid 2 advbase 1 advskew 100
            media: Ethernet 2500Base-KX <full-duplex>
            status: active
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            mvneta2: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
            ether 00:08:a2:0e:10:f1
            hwaddr 00:08:a2:0e:10:f1
            inet6 fe80::208:a2ff:fe0e:10f1%mvneta2 prefixlen 64 scopeid 0x8
            inet 10.0.5.84 netmask 0xffffff00 broadcast 10.0.5.255
            inet 10.0.5.82 netmask 0xffffff00 broadcast 10.0.5.255 vhid 1
            carp: MASTER vhid 1 advbase 1 advskew 100
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
            nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

            master after failover
            mvneta1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM>
            ether 00:08:a2:0e:10:4e
            hwaddr 00:08:a2:0e:10:4e
            inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
            inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 vhid 2
            inet6 fe80::1:1%mvneta1 prefixlen 64 scopeid 0x2
            carp: MASTER vhid 2 advbase 1 advskew 0
            media: Ethernet 2500Base-KX <full-duplex>
            status: active
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            mvneta2: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
            ether 00:08:a2:0e:10:4f
            hwaddr 00:08:a2:0e:10:4f
            inet6 fe80::208:a2ff:fe0e:104f%mvneta2 prefixlen 64 scopeid 0x8
            media: Ethernet autoselect (none)
            status: no carrier
            nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              @mylos said in CARP preempt does't work:

              17:34:48.781554 ARP, Request who-has 10.0.0.1 tell 10.0.0.1, length 28

              That also makes no sense. Does it make sense to you?

              Please download and post the raw pcap.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • M
                mylos
                last edited by

                Nope does not make any sense for me as well

                d4c3 b2a1 0200 0400 0000 0000 0000 0000
                0000 0400 0100 0000 1998 8a5c 2f42 0a00
                2a00 0000 2a00 0000 ffff ffff ffff 0008
                a20e 10f0 0806 0001 0800 0604 0001 0000
                5e00 0102 0a00 0001 0000 0000 0000 0a00
                0001 1998 8a5c ad43 0a00 3c00 0000 3c00
                0000 0000 5e00 0102 0008 a20e 104e 0806
                0001 0800 0604 0002 0008 a20e 104e 0a00
                0001 0000 5e00 0102 0a00 0001 0000 0000
                0000 0000 0000 0000 0000 0000 0000 1b98
                8a5c 06fc 0000 3c00 0000 3c00 0000 ffff
                ffff ffff 0008 a20e 104e 0806 0001 0800
                0604 0001 0000 5e00 0102 0a00 0001 0000
                0000 0000 0a00 0001 0000 0000 0000 0000
                0000 0000 0000 0000 0000 1b98 8a5c 26fc
                0000 2a00 0000 2a00 0000 0000 5e00 0102
                0008 a20e 10f0 0806 0001 0800 0604 0002
                0008 a20e 10f0 0a00 0001 0000 5e00 0102
                0a00 0001

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  You will need to attach the capture file.

                  I cannot properly test SG-3100 HA. I only have one unit.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • M
                    mylos
                    last edited by

                    The above is the capture file. Save as hexadecimal as dump.pcap

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      Yeah, no thanks. attach the pcap please.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • M
                        mylos
                        last edited by

                        0_1552590318279_dump.pcap

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.