Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Force Config Sync : restart IPv6 CARP

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    5 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dominique.fournier
      last edited by

      Hi

      When I click on "Force Config Sync" on a cluster CARP master, the slave start the following commands (I put a error_log in mwexec command, in /etc/inc/util.inc line 1010) :

      Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig lan_vip12 inet6 2001:www:xxx:203::fe prefixlen 64 vhid 12 advskew 100 advbase 2  pass 'xxxx'' start
      Jan  2 14:12:46 pfsense2 kernel: lan_vip12: link state changed to DOWN
      Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig wan_vip13 inet6 2001:www:xxx:2ff::42 prefixlen 64 vhid 13 advskew 100 advbase 2  pass 'xxxx'' start
      Jan  2 14:12:46 pfsense2 kernel: lan_vip12: INIT -> BACKUP
      Jan  2 14:12:46 pfsense2 kernel: lan_vip12: link state changed to DOWN
      Jan  2 14:12:46 pfsense2 kernel: wan_vip13: link state changed to DOWN
      Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig opt1_vip14 inet6 2001:www:xxx:201::fe prefixlen 64 vhid 14 advskew 100 advbase 2  pass 'xxxx'' start
      Jan  2 14:12:46 pfsense2 kernel: wan_vip13: INIT -> BACKUP
      Jan  2 14:12:46 pfsense2 kernel: wan_vip13: link state changed to DOWN
      Jan  2 14:12:46 pfsense2 kernel: opt1_vip14: link state changed to DOWN
      Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig opt8_vip17 inet6 2001:www:xxx:02d2::fe prefixlen 64 vhid 17 advskew 100 advbase 2  pass 'xxxx'' start
      Jan  2 14:12:46 pfsense2 kernel: opt1_vip14: INIT -> BACKUP
      Jan  2 14:12:46 pfsense2 kernel: opt1_vip14: link state changed to DOWN
      Jan  2 14:12:46 pfsense2 kernel: opt8_vip17: link state changed to DOWN
      Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig opt9_vip19 inet6 2001:www:xxx:215::fe prefixlen 64 vhid 19 advskew 100 advbase 3  pass 'xxxx'' start
      Jan  2 14:12:46 pfsense2 kernel: opt8_vip17: INIT -> BACKUP
      Jan  2 14:12:46 pfsense2 kernel: opt8_vip17: link state changed to DOWN
      Jan  2 14:12:46 pfsense2 kernel: opt9_vip19: link state changed to DOWN
      Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/sysctl net.inet.carp.preempt=1' start
      Jan  2 14:12:46 pfsense2 kernel: opt9_vip19: INIT -> BACKUP
      Jan  2 14:12:46 pfsense2 kernel: opt9_vip19: link state changed to DOWN
      Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command 'sbin/sysctl net.inet.carp.log=1' start
      Jan  2 14:12:46 pfsense2 php: /xmlrpc.php: MWEXEC : The command '/sbin/ifconfig pfsync0 syncdev em1 syncpeer 192.168.254.1 up' start
      Jan  2 14:12:46 pfsense2 php: : Message sent to admin@domain OK
      Jan  2 14:12:46 pfsense2 php: : Message sent to admin@domain OK
      Jan  2 14:12:47 pfsense2 php: : Message sent to admin@domain  OK
      Jan  2 14:12:47 pfsense2 php: : Message sent to admin@domain OK
      Jan  2 14:12:47 pfsense2 php: : Message sent to admin@domain  OK
      Jan  2 14:12:47 pfsense2 php: /xmlrpc.php: waiting for pfsync...
      
      

      My problem is : I don't change the CARP interfaces !! So they should not be restarted.

      I think the function used to detect the changes is not working for IPv6… because the IPv4 CARP are not restarted.

      2.1 (amd64)

      1 Reply Last reply Reply Quote 0
      • D
        dominique.fournier
        last edited by

        Well, After debugging the problem, I have the following issue : pfSense_getall_interface_addresses (opt8_vip17) send an empty array

        I found the opt8_vip17 interface in ifconfig :

        opt8_vip17: flags=49 <up,loopback,running>metric 0 mtu 1500
        	inet6 fe80::200:5eff:fe00:111%opt8_vip17 prefixlen 64 scopeid 0x20 
        	inet6 2001:660:530d:2d2::fe prefixlen 64 
        	nd6 options=3 <performnud,accept_rtadv>carp: BACKUP vhid 17 advbase 2 advskew 100</performnud,accept_rtadv></up,loopback,running> 
        

        I found the function pfSense_getall_interface_addresses in pfSense.c but I don't understand how it works.

        It works well for IPv4 CARP, but no way to IPv6.
        IPv6 carp are wan_vip13, opt1_vip14, lan_vip12, opt8_vip17 and opt9_vip19
        Any idea ?

        2.1 (amd64)

        1 Reply Last reply Reply Quote 0
        • D
          databeestje
          last edited by

          The pfSense module does not have support for IPv6 yet, complicating issues.

          1 Reply Last reply Reply Quote 0
          • D
            dominique.fournier
            last edited by

            Strange because I think it was working at the end of summer. I add more CARP interfaces since this epoc but I think it was working well in IPv6. Any idea ?

            2.1 (amd64)

            1 Reply Last reply Reply Quote 0
            • D
              dominique.fournier
              last edited by

              I propose the following code to solve the problem.
              The pfSense_getall_interface_addresses function is used only on time : on CARP reload. So I don't use it and I use an other way to have the information.

              What do you think about this ?

              diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
              index 07d621d..0d3d658 100644
              --- a/etc/inc/interfaces.inc
              +++ b/etc/inc/interfaces.inc
              @@ -86,6 +86,21 @@ function does_interface_exist($interface) {
                              return false;
               }
              
              +function getall_interface_addresses ($realif) 
              +{
              +  // Return an array with all the IPs defined on a physical interface
              +  $ipv4 = get_interface_ip ($realif);
              +  $ipv6 = get_interface_ipv6 ($realif);
              +  $nm4 = get_interface_subnet ($realif);
              +  $nm6 = get_interface_subnetv6 ($realif);
              +  $ips = array ();
              +  if ($ipv4 !== NULL)
              +    $ips[] = "$ipv4/$nm4";
              +  if ($ipv6 !== NULL)
              +    $ips[] = "$ipv6/$nm6";
              +  return $ips;
              +}
              +
               /*
                * does_vip_exist($vip): return true or false if a vip is
                * configured.
              @@ -116,7 +131,7 @@ function does_vip_exist($vip) {
                              return false;
                      }
              
              -       $ifacedata = pfSense_getall_interface_addresses($realif);
              +       $ifacedata = getall_interface_addresses($realif);
                      foreach ($ifacedata as $vipips) {
                              if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}")
                                      return true;
              
              

              2.1 (amd64)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.