Enabling carp in pf.boot.conf?

To: tech-net%NetBSD.org@localhost
Subject: Enabling carp in pf.boot.conf?
From: Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
Date: Fri, 26 May 2017 13:28:45 +0200

All,

when my pf & carp routers reboot, I see gratuitous failovers and/ornon-failovers, since pf is started after configuring the network interfaces:


[...]
Waiting for DAD to complete for statically configured addresses...
carp0: state transition from: INIT -> to: BACKUP
carp2: INIT -> MASTER (preempting)
carp2: state transition from: BACKUP -> to: MASTER
carp2: ip_output failed: 65
carp3: INIT -> MASTER (preempting)
carp3: state transition from: BACKUP -> to: MASTER
carp3: ip_output failed: 65
carp7: INIT -> MASTER (preempting)
carp7: state transition from: BACKUP -> to: MASTER
carp7: ip_output failed: 65
carp8: INIT -> MASTER (preempting)
carp8: state transition from: BACKUP -> to: MASTER
carp8: ip_output failed: 65
carp9: INIT -> MASTER (preempting)
carp9: state transition from: BACKUP -> to: MASTER
carp9: ip_output failed: 65
carp10: INIT -> MASTER (preempting)
carp10: state transition from: BACKUP -> to: MASTER
carp10: ip_output failed: 65
carp11: INIT -> MASTER (preempting)
carp11: state transition from: BACKUP -> to: MASTER
carp11: ip_output failed: 65
carp12: INIT -> MASTER (preempting)
carp12: state transition from: BACKUP -> to: MASTER
carp12: ip_output failed: 65
carp0: INIT -> MASTER (preempting)
carp0: state transition from: BACKUP -> to: MASTER
carp0: ip_output failed: 65
carp2: ip_output failed: 65
carp3: ip_output failed: 65
carp7: ip_output failed: 65
carp8: ip_output failed: 65
carp9: ip_output failed: 65
carp10: ip_output failed: 65
carp11: ip_output failed: 65
carp12: ip_output failed: 65
carp0: ip_output failed: 65
Enabling pf firewall.
carp2: ip_output failed: 65
[...]

Enabling carp packets in pf.boot.conf fixes the problem:

Index: pf.boot.conf
===================================================================
RCS file: /cvsroot/src/usr.sbin/pf/etc/defaults/pf.boot.conf,v
retrieving revision 1.3
diff -u -u -r1.3 pf.boot.conf
--- pf.boot.conf        2 Sep 2007 15:28:43 -0000       1.3
+++ pf.boot.conf        26 May 2017 11:26:55 -0000
@@ -28,3 +28,6 @@
 pass in inet6 proto ipv6-icmp all icmp6-type neighbradv
 pass out inet6 proto ipv6-icmp all icmp6-type routersol
 pass in inet6 proto ipv6-icmp all icmp6-type routeradv
+
+# Enable carp, to avoid gratuitous failovers.
+pass proto carp

-- okay to commit?

Cheerio,
hauke

--
     The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email	        Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
     Respect for open standards              Ruf +49-6151-16-21344

Follow-Ups:
- Re: Enabling carp in pf.boot.conf?
  - From: Christos Zoulas

Prev by Date: Re: status of bpf_mtap()/bpf_mtap_softint() ?
Next by Date: Re: vlan(4) mpsafe
Previous by Thread: status of bpf_mtap()/bpf_mtap_softint() ?
Next by Thread: Re: Enabling carp in pf.boot.conf?
Indexes:

Home | Main Index | Thread Index | Old Index