CARP (VRRPv2 advertisements) spamming filter logs
Currently running 2.0-BETA4 (i386) built on Mon Dec 20 22:18:43 EST 2010.
I noticed that after the update from an earlier 2.0 beta snapshot my filter logs get spammed by CARP messages.
In /tmp/rules.debug I found the responsible rule (which is inserted literally by etc/inc/filter.inc):
block in log quick proto carp from (self) to any
If I remove the "log" statement from the above rule and reload the filter, my filter log looks fine. I am wondering why the VRRPv2 advertisements from self should be logged at all…?
From the filter logs:
Dec 22 10:43:19 exgate0 pf: 172.16.27.248 > 18.104.22.168: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 1s, length 36, addrs(7): 22.214.171.124,126.96.36.199,188.8.131.52,184.108.40.206,220.127.116.11,18.104.22.168,22.214.171.124
Dec 22 10:43:19 exgate0 pf: 00:00:00.070089 rule 11/0(match): block in on lagg0_vlan2911: (tos 0x10, ttl 255, id 39763, offset 0, flags [DF], proto VRRP (112), length 56)
Dec 22 10:43:19 exgate0 pf: 172.16.25.248 > 126.96.36.199: VRRPv2, Advertisement, vrid 8, prio 0, authtype none, intvl 1s, length 36, addrs(7): 188.8.131.52,184.108.40.206,220.127.116.11,18.104.22.168,22.214.171.124,126.96.36.199,188.8.131.52
Dec 22 10:43:19 exgate0 pf: 00:00:00.069976 rule 11/0(match): block in on lagg0_vlan2902: (tos 0x10, ttl 255, id 2097, offset 0, flags [DF], proto VRRP (112), length 56)
You should never see the advertisements from (self) come in off the wire.
If you do, you likely have a layer2 loop.
Thanks, this would explain it (and some other problems). The issue went away after rebooting the switches. Guess they forgot they had been configured with LACP somehow.
Apologies for the false alarm.
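Added example, not part of the thread and not pfSense code: a small log check for the condition the reply describes, counting CARP advertisements that arrive inbound with one of the firewall's own source addresses, per interface, as a layer 2 loop indicator. It assumes each pf header line is followed by its address line (the order tcpdump prints them); the function name, sample log lines, interface names and addresses are constructed.

```python
import re
from collections import Counter

# Header line for a logged packet: rule number, action, direction, interface, protocol.
HEADER = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<iface>[^:\s]+):.*proto VRRP \(112\)"
)
# Address line that follows the header: source > destination and the decoded advertisement.
PACKET = re.compile(
    r"pf: (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"VRRPv2, Advertisement, vrid (?P<vrid>\d+)"
)

def self_carp_seen_inbound(lines, self_addrs):
    """Count inbound CARP advertisements sourced from our own addresses.

    Returns a Counter keyed by (interface, source address, vrid).
    """
    hits = Counter()
    pending = None  # last header line, kept only if it was an inbound packet
    for line in lines:
        header = HEADER.search(line)
        if header:
            pending = header if header["dir"] == "in" else None
            continue
        packet = PACKET.search(line)
        if packet and pending and packet["src"] in self_addrs:
            hits[(pending["iface"], packet["src"], int(packet["vrid"]))] += 1
        pending = None  # an address line (or anything else) ends the pair
    return hits

# Constructed sample log (documentation addresses, made-up interface names).
SAMPLE = [
    "Jan 01 00:00:01 fw0 pf: 00:00:00.070089 rule 11/0(match): block in on em1_vlan10: (tos 0x10, ttl 255, id 1, offset 0, flags [DF], proto VRRP (112), length 56)",
    "Jan 01 00:00:01 fw0 pf: 192.0.2.248 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 1s, length 36",
    "Jan 01 00:00:02 fw0 pf: 00:00:00.069976 rule 11/0(match): block in on em1_vlan10: (tos 0x10, ttl 255, id 2, offset 0, flags [DF], proto VRRP (112), length 56)",
    "Jan 01 00:00:02 fw0 pf: 192.0.2.248 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 1s, length 36",
    # Advertisement from the CARP peer: expected on the wire, must not be counted.
    "Jan 01 00:00:02 fw0 pf: 00:00:00.010000 rule 20/0(match): pass in on em1_vlan10: (tos 0x10, ttl 255, id 3, offset 0, flags [DF], proto VRRP (112), length 56)",
    "Jan 01 00:00:02 fw0 pf: 192.0.2.249 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 1s, length 36",
    # Our own advertisement leaving the box: normal, must not be counted.
    "Jan 01 00:00:03 fw0 pf: 00:00:00.020000 rule 21/0(match): pass out on em1_vlan20: (tos 0x10, ttl 255, id 4, offset 0, flags [DF], proto VRRP (112), length 56)",
    "Jan 01 00:00:03 fw0 pf: 198.51.100.248 > 224.0.0.18: VRRPv2, Advertisement, vrid 8, prio 0, authtype none, intvl 1s, length 36",
]

if __name__ == "__main__":
    own = {"192.0.2.248", "198.51.100.248"}
    for (iface, src, vrid), n in self_carp_seen_inbound(SAMPLE, own).items():
        print(f"{iface}: {n} own advertisement(s) from {src} (vrid {vrid}) seen inbound")
```

Any non-empty result names the interface on which the firewall heard its own advertisement, which is where to start checking switch ports and LACP configuration.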