What CARP interface name I must use for OpenBGP "Depend on" parameter? v2.2
-
I try to setup BGP session on a CARP interface
I read this https://doc.pfsense.org/index.php/OpenBGPD_package
"Another option is to use "local-address <carp address="">" and "depend-on carpX". "And read this http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/bgpd.conf.5?query=bgpd.conf
" depend on interface
The neighbor session will be kept in state IDLE as long as interface reports no link. For carp(4) interfaces, no link means that the interface is currently backup. This is primarily intended to be used with carp(4) to reduce failover times.
The state of the network interfaces on the system can be viewed using the show interfaces command to bgpctl(8)."I run "bgpctl show interface" and see no carpX interfaces (but I have at least six)
/root: bgpctl show interfaces
Interface Nexthop state Flags Link state
em2_vlan14 ok UP active, 1000 MBit/s
em2_vlan47 ok UP active, 1000 MBit/s
em2_vlan38 ok UP active, 1000 MBit/s
em2_vlan36 ok UP active, 1000 MBit/s
em2_vlan44 ok UP active, 1000 MBit/s
em2_vlan41 ok UP active, 1000 MBit/s
em2_vlan37 ok UP active, 1000 MBit/s
em2_vlan34 ok UP active, 1000 MBit/s
enc0 ok UP invalid
lo0 ok UP invalid
pfsync0 invalid invalid
pflog0 invalid invalid
em2 ok UP Ethernet, active, 1000 MBit/s
em1 ok UP Ethernet, invalid, 10 MBit/s
em0 ok UP Ethernet, active, 1000 MBit/sWhere I can find the right CARP interface name for OpenBGP configuration?</carp>
-
The change in the underlying FreeBSD has changed how CARP operates
@FreeBSD:HISTORY
The carp device first appeared in OpenBSD 3.5. The carp device was
imported into FreeBSD 5.4. In FreeBSD 10.0, carp was significantly
rewritten, and is no longer a pseudo-interface.CARP VIPs no longer shows as a separate Interface. Not sure what the best method of dealing with BGP is.
-
Ok, additionally I have problem with IPsec between systems. I understand, because in version 2.2 was changed CARP working ideology AND updated OpenBGB package from 0.82 to 0.83 AND changed IPsec service from racoon to OpenSwan, no one can say what exactly happened in the system.
Very sad, it looks like version 2.2 is totally unusable. Downgrading to version 2.1.5 is the only way to solve configuration problems with CARP and OpenBGP. -
Where I can find the right CARP interface name for OpenBGP configuration?
exact same issue here.. :(
-
There unfortunately isn't an exact replacement for that in the CARP in FreeBSD 10.1.
But you can effectively accomplish the same thing by stopping/starting bpgd with CARP master status. Just add the start/stop to /etc/rc.carpbackup and /etc/rc.carpmaster. Those are executed when CARP switches to backup and master status, respectively. Start on master, stop on backup.
-
Where I can find the right CARP interface name for OpenBGP configuration?
exact same issue here.. :(
okey, so i hacked it a bit
I had two interfaces available, so I have made a loopcabel from em3 to em4 on both my pfsense servers
upped both interfaces on carp MASTER
upped em4 on carp BACKUP
made this change to /etc/devd.conf
/etc: cat /etc/devd.conf
$Id$
$FreeBSD: src/etc/devd.conf,v 1.26.2.1 2005/09/03 22:49:22 sam Exp $
options {
directory "/etc/devd";
directory "/usr/local/etc/devd";
pid-file "/var/run/devd.pid";
set scsi-controller-regex
"(aac|adv|adw|aha|ahb|ahc|ahd|aic|amd|amr|asr|bt|ciss|ct|dpt|
esp|ida|iir|ips|isp|mlx|mly|mpt|ncr|ncv|nsp|stg|sym|trm|wds)
[0-9]+";
};CARP notify hooks. This will call carpup/carpdown with the
interface (carp0, carp1) as the first parameter.
notify 100 {
match "system" "CARP";
match "type" "MASTER";
action "/sbin/ifconfig em3 up && /usr/local/sbin/pfSctl -c 'interface carpmaster $subsystem'";
};notify 100 {
match "system" "CARP";
match "type" "BACKUP";
action "/sbin/ifconfig em3 down && /usr/local/sbin/pfSctl -c 'interface carpbackup $subsystem'";
};When a USB keyboard arrives, attach it as the console keyboard.
attach 100 {
device-name "ukbd0";
action "kbdcontrol -k /dev/ukbd0 < /dev/console 2>/dev/null";
};detach 100 {
device-name "ukbd0";
action "kbdcontrol -k /dev/kbd0 < /dev/console 2>/dev/null";
};Signal upper levels that an event happened on ethernet class interface
notify 0 {
match "system" "IFNET";
match "type" "LINK_UP";
media-type "ethernet";
action "/usr/local/sbin/pfSctl -c 'interface linkup start $subsystem'";
};notify 0 {
match "system" "IFNET";
match "type" "LINK_DOWN";
media-type "ethernet";
action "/usr/local/sbin/pfSctl -c 'interface linkup stop $subsystem'";
};Signal upper levels that an event happened on 802.11 class interface
notify 0 {
match "system" "IFNET";
match "type" "LINK_UP";
match "subsystem" "[a-z]+[0-9]+_wlan[0-9]+";
action "/usr/local/sbin/pfSctl -c 'interface linkup start $subsystem'";
};Notify all users before beginning emergency shutdown when we get
a _CRT or _HOT thermal event and we're going to power down the system
very soon.
notify 10 {
match "system" "ACPI";
match "subsystem" "Thermal";
match "notify" "0xcc";
action "logger -p kern.emerg 'WARNING: system temperature too high, shutting down soon!'";
};note the ifconfig em3 up and down commands that are now included
openbgpd now "depends on em3" where i usually used the carp interface
works like a charm…
... todo:
might need to save devd.conf and recopy it to /etc doing boot, and restart devd
-
Where I can find the right CARP interface name for OpenBGP configuration?
exact same issue here.. :(
okey, so i hacked it a bit
I had two interfaces available, so I have made a loopcabel from em3 to em4 on both my pfsense servers
upped both interfaces on carp MASTER
upped em4 on carp BACKUP
made this change to /etc/devd.conf
Very curious, but I have a pure virtual production environment at the problem site. Anyway, I switched back to 2.1.5.
-
Piggy-backing on this thread a bit as I'm setting up OpenBGP with CARP right now and didn't realize 2.2 had this issue.
Has anybody found a clean way to get this working or is the only option to fall back to 2.1.5 now? My worry is that upgrading to 2.2 after implementing all of this on 2.1.5 is going to be a nightmare.
-
Did you try CMB's suggestion of editing the scripts?
-
I somehow glossed over that part of the post, thanks for pointing that out.
That looks simple enough my only worry is how might editing those scripts impact future upgrades?
-
Yeah, it would get wiped on upgrade but you could just re-add it…
-
That can certainly be done, I'm not a huge fan of having exceptions to remember after I upgrade (or leaving those surprises for the next guy) but maybe a temporary workaround until this is sorted in the 2.2 series.
Would this handle preventing/starting that service when the firewall reboots as well then since CARP wouldn't be master on reboot?
-
Per Chris, the scripts execute when the firewall switches to master or backup, so it shouldn't start until the fw returns to master status.
-
I take it the same method could be utilized for Quagga?
-
That makes sense, thank you. I've been looking at the /etc/rc.carpbackup and /etc/rc.carpmaster scripts, I would assume the best place to stop/start OpenBGPd would be at the end of the script.
Is there a recommended way to restart this service without issuing a shell command via PHP or is that the only way to do it? I see other services that are built in can be restarted by including a file and then there's a function that performs the restart, not sure if that's the case with OpenBGP
-
Anybody have any thoughts on how I can stop/start this service from the php scripts as suggested?
-
I`m interested too 8)
-
Bump.
-
I added a CARP status field and code to support it on the latest version of the OpenBGPD package.
Notes on its use here:
https://doc.pfsense.org/index.php/OpenBGPD_package2.2-RELEASE through 2.2.2-RELEASE will need a small patch via System Patches for it to work properly (linked on the article). On 2.2.3 it will work without anything extra, just fill in the CARP status VIP box and Save.
-
Note that the patch URL doesn't seem to be provided on the Wiki:
http://files.atx.pfsense.org/jimp/patches/carp-status-fix.diff
