[FUG-BR] RES: RES: RES: Help with CARP
Ricardo Augusto de Souza
ricardo.souza at cmtsp.com.br
Mon May 11 12:43:19 BRT 2009
Does anyone know how I can force a carp to come up as backup?
I've already swapped the machines; now Ajax is the master and Trinity the backup.
But the external carp comes up as master on both.
-----Original message-----
From: freebsd-bounces at fug.com.br [mailto:freebsd-bounces at fug.com.br] On behalf of Ricardo Augusto de Souza
Sent: Friday, May 8, 2009 14:00
To: Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)
Subject: [FUG-BR] RES: RES: Help with CARP
What I've noticed now is that on both servers the status of carp0 is MASTER.
Trinity# ifconfig carp0
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 200.143.111.113 netmask 0xfffffff0
carp: MASTER vhid 1 advbase 1 advskew 0
Trinity#
Ajax# ifconfig carp0
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 200.143.111.113 netmask 0xfffffff0
carp: MASTER vhid 1 advbase 1 advskew 100
Ajax#
I thought that by setting a higher advskew it would come up as BACKUP.
Look at carp1:
Trinity# ifconfig carp1
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 10.100.0.119 netmask 0xffffff00
carp: MASTER vhid 2 advbase 1 advskew 0
Trinity#
Ajax# ifconfig carp1
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 10.100.0.119 netmask 0xffffff00
carp: BACKUP vhid 2 advbase 1 advskew 100
Ajax#
carp1 is apparently OK.
Can anyone give me a hand?
Thanks
-----Original message-----
From: freebsd-bounces at fug.com.br [mailto:freebsd-bounces at fug.com.br] On behalf of Ricardo Augusto de Souza
Sent: Friday, May 8, 2009 10:57
To: Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)
Subject: [FUG-BR] RES: Help with CARP
I managed to get CARP+pfsync working with the following config (the IPv4 addresses have been changed):
Trinity:
cloned_interfaces="carp0 carp1"
network_interfaces="lo0 bce0 bce1 pfsync0 em0 em1 em2 em3"
ifconfig_bce1="inet 10.100.0.125 netmask 255.255.255.0"
ifconfig_carp1="up 10.100.0.119/24 vhid 2 pass fw_cmt123"
ifconfig_bce0="inet 200.143.111.111 netmask 255.255.255.240"
ifconfig_carp0="up 200.143.111.113/28 vhid 1 pass fw_cmt123"
ifconfig_em3="inet 10.1.1.1 netmask 255.255.255.0"
ifconfig_pfsync0="up syncif em3"
Trinity# sysctl -a|grep carp
net.inet.ip.same_prefix_carp_only: 0
net.inet.carp.allow: 1
net.inet.carp.preempt: 1
net.inet.carp.log: 1
net.inet.carp.arpbalance: 0
net.inet.carp.suppress_preempt: 0
Trinity#
Ajax:
cloned_interfaces="carp0 carp1"
network_interfaces="lo0 bce0 bce1 pfsync0 em0 em1 em2 em3"
ifconfig_bce0="inet 200.143.111.112 netmask 255.255.255.240"
ifconfig_carp0="up 200.143.111.113/28 vhid 1 advskew 10 pass fw_cmt123"
ifconfig_bce1="inet 10.100.0.124 netmask 255.255.255.0"
ifconfig_carp1="up 10.100.0.119/24 vhid 2 advskew 10 pass fw_cmt123"
ifconfig_pfsync0="up syncif em3"
ifconfig_em3="inet 10.1.1.2 netmask 255.255.255.0"
Ajax# sysctl -a | grep carp
<6>carp0: promiscuous mode enabled
<6>carp0: promiscuous mode disabled
net.inet.ip.same_prefix_carp_only: 0
net.inet.carp.allow: 1
net.inet.carp.preempt: 1
net.inet.carp.log: 1
net.inet.carp.arpbalance: 0
net.inet.carp.suppress_preempt: 0
Ajax#
In pf.conf I had to allow the connections on the real interface (in this case bce0 (ext_if)).
In this scenario, Trinity is the MASTER and Ajax the BACKUP (higher advskew, right?); however, monitoring the bce0 interface on both servers while pinging the external carp IP (200.143.111.113), the packets arrive at both servers.
Trinity# tcpdump -i bce0 -n 'src host 189.57.57.57'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes
10:41:53.244939 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 0, length 64
10:41:54.247977 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 1, length 64
10:41:55.257514 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 2, length 64
10:41:56.267556 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 3, length 64
10:41:57.279997 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 4, length 64
10:41:58.286911 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 5, length 64
10:41:59.296871 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 6, length 64
10:42:00.306318 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 7, length 64
10:42:01.316047 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 8, length 64
10:42:02.328597 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 9, length 64
10:42:03.381118 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 10, length 64
10:42:04.345474 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 11, length 64
10:42:05.355074 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 12, length 64
10:42:06.364768 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 13, length 64
10:42:07.374496 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 14, length 64
10:42:08.416190 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 15, length 64
10:42:09.394005 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 16, length 64
10:42:10.404110 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 17, length 64
10:42:11.414550 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 18, length 64
10:42:12.423990 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 19, length 64
10:42:13.534119 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 20, length 64
10:42:21.510762 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 28, length 64
10:42:22.520292 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 29, length 64
10:42:23.530149 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 30, length 64
10:42:24.585748 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 31, length 64
10:42:25.549829 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 32, length 64
10:42:26.559316 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 33, length 64
10:42:27.570089 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 34, length 64
10:42:28.578751 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 35, length 64
10:42:29.588419 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 36, length 64
10:42:30.598119 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 37, length 64
10:42:31.607959 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 38, length 64
10:42:32.618290 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 39, length 64
10:42:33.627330 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 40, length 64
10:42:34.637257 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 41, length 64
10:42:35.646707 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 42, length 64
10:42:36.656547 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 43, length 64
10:42:37.666142 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 44, length 64
10:42:38.675928 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 45, length 64
10:42:53.822062 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 60, length 64
10:42:54.831676 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 61, length 64
10:42:55.841306 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 62, length 64
^C
42 packets captured
304 packets received by filter
0 packets dropped by kernel
Trinity#
Ajax# tcpdump -i bce0 -n 'src host 189.57.57.57'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes
10:42:22.631838 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 21, length 64
10:42:23.630795 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 22, length 64
10:42:24.671341 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 23, length 64
10:42:25.649953 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 24, length 64
10:42:26.722732 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 25, length 64
10:42:27.669233 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 26, length 64
10:42:28.770422 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 27, length 64
10:42:47.933898 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 46, length 64
10:42:48.873414 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 47, length 64
10:42:49.883512 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 48, length 64
10:42:50.892785 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 49, length 64
10:42:51.902614 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 50, length 64
10:42:52.991445 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 51, length 64
10:42:53.921984 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 52, length 64
10:42:54.931980 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 53, length 64
10:42:55.942947 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 54, length 64
10:42:56.952141 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 55, length 64
10:42:57.961046 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 56, length 64
10:42:58.970705 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 57, length 64
10:42:59.980192 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 58, length 64
10:43:00.990430 IP 189.57.57.57 > 200.143.111.113: ICMP echo request, id 18799, seq 59, length 64
^C
21 packets captured
238 packets received by filter
0 packets dropped by kernel
Ajax#
Strange
$ ssh 200.143.111.113 -l ricardo
The authenticity of host '200.143.111.113 (200.143.111.113)' can't be established.
DSA key fingerprint is 14:81:d7:e2:bf:ce:43:98:05:bb:44:1f:22:83:82:7a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '200.143.111.113' (DSA) to the list of known hosts.
Password:
Last login: Fri May 8 08:21:18 2009 from 10.100.1.3
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 7.1-RELEASE (CMT) #0: Thu Apr 16 19:26:19 BRT 2009
Welcome to FreeBSD!
Before seeking technical support, please use the following resources:
o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
for your release first as it's updated frequently.
o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they're also available formatted in /usr/share/doc.
If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions em FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.
You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.
$ unRead from remote host 200.143.111.113: Connection reset by peer
Connection to 200.143.111.113 closed.
$ me -a
sh: me: not found
$ w
10:59AM up 9 days, 20:16, 1 user, load averages: 0.55, 0.75, 0.74
USER TTY FROM LOGIN@ IDLE WHAT
ricardo p0 10.10.20.100 10:57AM 0 w
$ uname -a
OpenBSD Fw.cmtsp.com.br 4.3 CMT#0 i386
$ ssh 200.143.111.113 -l ricardo
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the DSA host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
20:f3:58:b5:ac:d0:46:3d:58:9c:e9:c4:0a:5e:e1:7e.
Please contact your system administrator.
Add correct host key in /home/ricardo/.ssh/known_hosts to get rid of this message.
Offending key in /home/ricardo/.ssh/known_hosts:1
DSA host key for 200.143.111.113 has changed and you have requested strict checking.
Host key verification failed.
$
-----Original message-----
From: freebsd-bounces at fug.com.br [mailto:freebsd-bounces at fug.com.br] On behalf of Franklin França
Sent: Wednesday, May 6, 2009 17:39
To: Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)
Subject: Re: [FUG-BR] Help with CARP
Hello
try changing the order of your ifconfig_carp to the following
Trinity
ifconfig_carp1="vhid 2 pass fw_cmt123 10.100.0.128"
Ajax
ifconfig_carp1="vhid 2 pass fw_cmt123 advskew 100 10.100.0.128"
in the file /etc/sysctl.conf
#Accept CARP packets
net.inet.carp.allow=1
#Enable preemption
net.inet.carp.preempt=1
#Enable logging
net.inet.carp.log=1
#Enable ARP-level load balancing
net.inet.carp.arpbalance=1
And post the result here!
2009/5/6 Ricardo Augusto de Souza <ricardo.souza at cmtsp.com.br>
> Folks,
>
> I am configuring carp between 2 FreeBSD 7 servers.
> I managed to get the external carp (internet) working but could not get
> the internal carp (LAN) working.
> Can anyone help me identify where the error is?
>
> Trinity# cat rc.conf |grep carp
> cloned_interfaces="carp0 carp1"
> ifconfig_carp1="up 10.100.0.128/24 vhid 2 pass fw_cmt123"
> ifconfig_carp0="up 200.143.33.XYZ/28 vhid 1 pass fw_cmt123"
> Trinity# cat pf.conf|grep carp
> carp_if="{ carp0, carp1 }"
> pass on $carp_if proto carp keep state
> Trinity#
>
> Ajax# cat rc.conf |grep carp
> cloned_interfaces="carp0 carp1"
> ifconfig_carp0="up 200.143.33.XYZ/28 vhid 1 advskew 10 pass fw_cmt123"
> ifconfig_carp1="up 10.100.0.128/24 vhid 2 advskew 10 pass fw_cmt123"
> Ajax# cat pf.conf |grep carp
> carp_if="{ carp0, carp1 }"
> pass on $carp_if proto carp keep state
> Ajax#
>
> On both:
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
> #if one interface fails then all will fail over
> net.inet.carp.preempt=1
> net.inet.tcp.sendspace=65536
> net.inet.tcp.recvspace=65536
>
> I cannot ping the IP 10.100.0.128 even with PF turned off on both
> servers.
>
>
> -------------------------
> History: http://www.fug.com.br/historico/html/freebsd/
> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>
--
regards,
Franklin de França
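
Added example (not part of the original thread): a small sh/awk check that reads "ifconfig carpN" transcripts in the form pasted above and reports every vhid for which more than one host claims MASTER, which is the dual-MASTER state reported for carp0. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag CARP dual-MASTER (split-brain) from pasted transcripts.
# Assumed input: a "Host# ifconfig carpN" prompt line followed by that
# interface's output, as in the thread.

carp_split_brain() {
    awk '
    # Prompt line such as "Trinity# ifconfig carp0": remember host and interface.
    $2 == "ifconfig" && $1 ~ /#$/ {
        host = $1; sub(/#$/, "", host); ifname = $3; next
    }
    # State line such as "carp: MASTER vhid 1 advbase 1 advskew 0".
    $1 == "carp:" && $3 == "vhid" {
        vhid = $4
        seen[vhid] = ifname
        if ($2 == "MASTER") {
            n[vhid]++
            who[vhid] = who[vhid] (who[vhid] == "" ? "" : ",") host
        }
    }
    END {
        # Only one host per vhid should hold MASTER at any time.
        for (v in seen)
            if (n[v] > 1)
                printf "vhid %s (%s): MASTER on %s\n", v, seen[v], who[v]
    }' | sort
}

# Constructed sample mirroring the states reported in the thread.
sample_states() {
    cat <<'EOF'
Trinity# ifconfig carp0
    carp: MASTER vhid 1 advbase 1 advskew 0
Ajax# ifconfig carp0
    carp: MASTER vhid 1 advbase 1 advskew 100
Trinity# ifconfig carp1
    carp: MASTER vhid 2 advbase 1 advskew 0
Ajax# ifconfig carp1
    carp: BACKUP vhid 2 advbase 1 advskew 100
EOF
}

sample_states | carp_split_brain
```

An empty result means no vhid has two MASTERs; the check says nothing about why the advertisements are not being seen by the peer.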