RE: Dummynet,VLAN and CARP broken??

From: <Tyrone@xxxxxxxxxxxxxxxxx>
Date: Fri, 6 Oct 2006 12:37:32 +0200

I found out that you still need to let carp packets through even though
all you doing is traffic shaping

So ipfw add 1 allow carp from any to any

Did the trick for me

Regards

tyrone

-----Original Message-----
From: owner-freebsd-isp@xxxxxxxxxxx
[mailto:owner-freebsd-isp@xxxxxxxxxxx] On Behalf Of
Tyrone@xxxxxxxxxxxxxxxxx
Sent: den 6 oktober 2006 11:46
To: freebsd-ipfw@xxxxxxxxxxx; freebsd-isp@xxxxxxxxxxx
Subject: Dummynet,VLAN and CARP broken??

Hi

Running FreeBSD6.1-RC
Kernel compiled with the following

options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_FORWARD #enable transparent proxy
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by
options IPDIVERT #divert sockets
options DUMMYNET
options BRIDGE
options HZ=1000
options FAST_IPSEC
options TCP_SIGNATURE
device crypto
device cryptodev
device carp

Problem is with the CARP addresses staying in the "master" "master"
position when I have dummynet stripping bandwidth on that vlan. I take
the dummnet config away then the carp interfaces go to "master" and
"backup" as required.

My dummynet configs look like this

ipfw pipe 100 config bw 10500Kbit/s #setup shaping pipes 10Mbit
ipfw queue 1 config pipe 100 weight 100
ipfw queue 2 config pipe 100 weight 100
ipfw add 1000 queue 1 ip from any to any in via vlan148
ipfw add 1000 queue 2 ip from any to any out via vlan148

I have an open FW so no carp message should be blocked is dummynet
broken?

Regards

Tyrone
This e-mail is intended only for the use of the addressees named above
and may be confidential.
If you are not an addressee you must not use any information contained
in nor copy it nor inform any person other than the addressees of its
existence or contents.

_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"
This e-mail is intended only for the use of the addressees named above and may be confidential.
If you are not an addressee you must not use any information contained in nor copy it nor inform any person other than the addressees of its existence or contents.

_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"

References:
- Dummynet,VLAN and CARP broken??
  - From: Tyrone

Prev by Date: Dummynet,VLAN and CARP broken??
Next by Date: Onboard or low profile RAID recommendations
Previous by thread: Dummynet,VLAN and CARP broken??
Next by thread: Onboard or low profile RAID recommendations
Index(es):
- Date
- Thread

Relevant Pages

Fwd: carp + ipfw problem
... Subject: carp + ipfw problem ... I'm trying to configure a firewall with carp + ipfw, ... # ifconfig fxp1 ...
(freebsd-stable)
Fwd: carp + ipfw problem
... Subject: carp + ipfw problem ... I'm trying to configure a firewall with carp + ipfw, ... # ifconfig fxp1 ...
(freebsd-stable)
Re: Fwd: carp + ipfw problem
... > I'm trying to configure a firewall with carp + ipfw, ... > Packets are bypassing carp interface, instead ipfw log shows packet flow ...
(freebsd-stable)