CARP on LAN + WIFI issue (using ALIX 2D13)



  • Hello all,

    I've been searching for a while and can't seem to find anyone having the same issue.

    So first, what I want to accomplish:
    Using 2 ALIX 2D13 boxes, I wish to have a complete LAN+WIFI+WAN failover solution.

    What is working:

    • I have LAN CARP working OK (VIP: 192.168.1.1 | ALIX box1: 192.168.1.2 | ALIX box2: 192.168.1.3)
    • I have WAN1 CARP working OK
    • I have WAN2 CARP working OK
    • Failover/loadbalancing between WAN1 and WAN2 is working (not CARP related though)
    • Cluster communication is on a dedicated subnet (192.168.99.0/24) and is working as well

    What is not working:

    • When connecting through WIFI I can't ping the LAN VIP (192.168.1.1, which will be used as Internet gateway). I can only ping the LAN IPs
    • Then if I disable and re-enable CARP, I can ping the LAN VIP again (the enable/disable of CARP is "doing something")
    • If I disconnect and reconnect from WIFI, I can't ping the LAN VIP

    I have the WIFI and LAN interfaces bridged (and in a group) so that firewall rules are the same whether I'm wireless or not.
    So far I'm stuck, because I intend to push the LAN VIP as the default gateway to all workstations using my Windows DHCP server (which is on LAN).

    Any ideas?



  • I found a workaround which is not ideal but allows me to move on.

    I noticed that in fact I couldn't ping the LAN VIP if I was connected over WiFi to the active CARP appliance.
    So basically, instead of having two active hotspots, I just had to make sure the hotspot was disabled on the active CARP appliance.

    To do so here is what I did:

    1 - Modify /etc/devd.conf to point to custom rc.carp scripts

    
    ...
    # CARP notify hooks. This will call carpup/carpdown with the
    # interface (carp0, carp1) as the first parameter.
    notify 100 {
        match "system"          "IFNET";
        match "type"            "LINK_UP";
        match "subsystem"           "[a-zA-Z0-9_]+_vip[0-9]+";
        action "/etc/rc.carpmaster.custom $subsystem";
    };
    
    notify 100 {
        match "system"          "IFNET";
        match "type"            "LINK_DOWN";
        match "subsystem"           "[a-zA-Z0-9_]+_vip[0-9]+";
        action "/etc/rc.carpbackup.custom $subsystem";
    };
    ...
    
    

    2 - Create /etc/rc.carpmaster.custom

    
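    #!/bin/sh
    # Run the stock pfSense CARP master handler for this VIP.
    /etc/rc.carpmaster "$1"
    # Disable the hotspot on the appliance that is now master.
    ifconfig ath0_wlan0 down
    # Restart racoon so IPsec connections are re-established.
    /usr/local/sbin/pfSsh.php playback svc restart racoon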
    
    

    3 - Create /etc/rc.carpbackup.custom

    
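    #!/bin/sh
    # Run the stock pfSense CARP backup handler for this VIP.
    /etc/rc.carpbackup "$1"
    # Enable the hotspot on the appliance that is now backup.
    ifconfig ath0_wlan0 up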
    
    

    So basically, when an appliance becomes master:

    • It runs the usual carp scripts
    • It disables the hotspot
    • It restarts racoon (to make sure IPsec connections are restarted)

    When an appliance becomes master:

    • It runs the usual carp scripts
    • It enables the hotspot

    Having the same SSID and both appliances not too far from one another makes it almost transparent to end users (about 30 seconds of service interruption in case of a CARP failover).
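
The devd rules in the workaround above match every `*_vipN` interface, so the hooks also fire when a WAN VIP changes state. The following is an added example, not part of the original posts: a helper that toggles the hotspot only on LAN VIP events and from the state the interface actually reports. It assumes the LAN CARP interface is named `lan_vip1` and that `ifconfig` prints a `carp: STATE vhid ...` line; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. LAN_VIP_IF is an assumed name;
# WLAN_IF is the wireless interface used in the post's scripts.
LAN_VIP_IF="${LAN_VIP_IF:-lan_vip1}"
WLAN_IF="${WLAN_IF:-ath0_wlan0}"

# Read ifconfig output on stdin, print the CARP state (MASTER, BACKUP, INIT).
carp_state() {
    awk '$1 == "carp:" { print $2; exit }'
}

# Map a CARP state to the hotspot state the workaround wants.
wanted_wlan_state() {
    case "$1" in
        MASTER) echo down ;;       # master: hotspot off
        BACKUP) echo up ;;         # backup: hotspot on
        *)      echo unchanged ;;  # INIT or unreadable: leave the radio alone
    esac
}

# $1 = devd subsystem (interface that changed), $2 = ifconfig text for the LAN VIP.
decide() {
    if [ "$1" != "$LAN_VIP_IF" ]; then
        echo ignore                # WAN VIP events must not touch the hotspot
        return 0
    fi
    wanted_wlan_state "$(printf '%s\n' "$2" | carp_state)"
}

# Apply the decision on the live system and log it.
apply_event() {
    action=$(decide "$1" "$(ifconfig "$LAN_VIP_IF" 2>/dev/null)")
    case "$action" in
        up|down)
            ifconfig "$WLAN_IF" "$action"
            logger -t carp-wlan "$1 changed: $WLAN_IF set $action" ;;
    esac
}

# Constructed sample of ifconfig output for offline checks.
SAMPLE_MASTER='lan_vip1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
    inet 192.168.1.1 netmask 0xffffff00
    carp: MASTER vhid 1 advbase 1 advskew 0'

# When called with the subsystem as first argument (as devd does), act on it.
if [ -n "${1:-}" ]; then apply_event "$1"; fi
```

Called with `$1` from both custom scripts in place of the fixed `ifconfig ath0_wlan0 down` / `up` lines, it leaves the radio untouched when a WAN VIP changes state while the LAN VIP role has not.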

