Subject: RE: question about CARP
To: 'Liam J. Foy' <email@example.com>
From: George Chen <firstname.lastname@example.org>
Date: 05/10/2006 09:54:38
I have a same script on both firewalls.
ifconfig spi4 up
ifconfig spi7 up
ifconfig carp0 create
ifconfig carp0 vhid 1
ifconfig carp0 carpdev spi4
ifconfig carp0 advskew 150
ifconfig carp0 184.108.40.206
ifconfig carp1 create
ifconfig carp1 vhid 2
ifconfig carp1 carpdev spi7
ifconfig carp1 advskew 150
ifconfig carp1 220.127.116.11
sysctl -w net.inet.carp.preempt=1
When setup, carp0 and carp1 are MASTER on fw1. I bring carp0 down with
Ifconfig carp0 down.
I expect carp1 on fw1 will be down automatically. But it doesn't happen. The
result is that the traffic is blocked.
Actually I have made some modification to the code from
I wonder if this problem came from the original code or from my
I didn't know your patch. Would you share it with me?
From: tech-kern-owner@NetBSD.org [mailto:tech-kern-owner@NetBSD.org] On
Behalf Of Liam J. Foy
Sent: 2006 05 09 18:24
To: George Chen
Subject: Re: question about CARP
On 9 May 2006, at 05:34, George Chen wrote:
> I have a question about CARP.
> I have two firewalls named fw1 and fw2. eth0 and eth0 are two
> interfaces on
> both fw1 and fw2. It works well when fw1 serves as MASTER, which means
> fw1.eth0 and fw1.eth1 are all MASTER. The problem is, when I down
> and therefore fw1.eth0 becomes BACKUP while fw2.eth0 becomes
> MASTER, will
> fw1.eth1 failovers to fw2.eth1? I didn't see that fw1.eth1 becomes
> which leads to the traffic fails.
> I don't know if CARPs on different interfaces but one same
> appliance are
> associated. If not, CARP can't help if individual interface fails.
> Am I
> right? If yes, how does it implemented?
> Thanks for all your time,
> George Chen
Hello, yes, I understand what you mean. Please view the following URL:
Check the following:
# sysctl -w net.inet.carp.preempt=1
This will cause group interface fall over. Are you running my patch
CURRENT or just asking?
Liam J. Foy