Re: CARP balancing source-IP whoes

From: "Joachim Schipper" <jdNoOtSPAMschipper@xxxxxxxxxx>
Date: 23 Jun 2007 12:01:24 GMT

Remco Bressers <remco@xxxxxxxxx> wrote:

I'm running 2 boxes with FreeBSD 6.2-STABLE and CARP configured to share a
single IP address. (I know this group is OpenBSD, but this issue is
only related to CARP.)

These 2 boxes are mailservers for which i do DNS
round-robin for incoming e-mail on the HOST IP address (not the CARP
address). Ofcourse this works nicely. But.. all outgoing mail has to go
out with that single IP address on the CARP interface as the source IP
address. On Postfix this is configured using the smtp_bind_address. This
works fine, but when using CARP with arpbalance, only one machine can send
out and the other machine can't use the same source address.

This is the CARP configuration for host A :

carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
inet 10.0.0.1 netmask 0xffffff00
carp: MASTER vhid 1 advbase 1 advskew 0
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
inet 10.0.0.1 netmask 0xffffff00
carp: BACKUP vhid 2 advbase 1 advskew 100

This is the CARP configuration for host B :

carp0: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
inet 10.0.0.1 netmask 0xffffff00
carp: BACKUP vhid 1 advbase 1 advskew 100
carp1: flags=49<UP,LOOPBACK,RUNNING> mtu 1500
inet 10.0.0.1 netmask 0xffffff00
carp: MASTER vhid 2 advbase 1 advskew 0

The following sysctl vars are set on both machines:

net.inet.carp.allow: 1
net.inet.carp.preempt: 1
net.inet.carp.log: 2
net.inet.carp.arpbalance: 1
net.inet.carp.suppress_preempt: 0

I know that arpbalance won't work behind a router for incoming traffic,
but why is it that there's only one machine that can use the CARP address
as a source address?

What do you think would happen to the return traffic?

I hope one of you has a solution (preferably with CARP, but other
solutions are also welcome as well).

What do you really want to do? And why can you not
a) send from two distinct addresses?
b) use NAT at the border device?

Joachim
.

References:
- CARP balancing source-IP whoes
  - From: Remco Bressers

Prev by Date: Re: need help choosing appropriate BSD distro
Next by Date: Re: List of installed software packages: pkg_info?
Previous by thread: CARP balancing source-IP whoes
Next by thread: Caesarion website moved !
Index(es):
- Date
- Thread

Relevant Pages

CARP Question
... With this I would expect that, being both servers online, they should have two MASTER and two BACKUP carp interfaces each. ... BACKUP vhid 1 advbase 1 advskew 100 ...
(freebsd-net)
Re: CARP Question
... With this I would expect that, being both servers online, they should have two MASTER and two BACKUP carp interfaces each. ... BACKUP vhid 1 advbase 1 advskew 100 ...
(freebsd-net)
Carp Problem - FreeBSD6 - seems to be bound to loopback?
... I'm trying to get CARP up and running on a pair of BSD6 boxes. ... MASTER vhid 10 advbase 1 advskew 10 ...
(freebsd-net)
Re: master->backup CARP issue
... each one has 4 CARP interfaces in preempt ... Backup without any reason preempts Master and after a while (an hour ... MASTER vhid 1 advbase 1 advskew 10 ...
(freebsd-questions)
Re: CARP + PFSYNC + NAT
... balancing, which CARP only does for LAN traffic, not routed) I believe the ... problem you have is no carp interface is set to be a master ... "advskew" in CARP man page). ... > pass bar ...
(comp.unix.bsd.openbsd.misc)