none
FreeBSD CARP problem

    Question

  • Hello everyone,

    I have a Win 2016 Hyper-V cluster. And I want to make a failover balancer based on FreeBSD 11 and Nginx. I created 2 VMs and installed FreeeBSD 11. It's very easy to configure CARP on FreeBSD, just load carp kernel module and add something like this "ifconfig_hn0_alias0="inet vhid 10 pass somepass alias 192.168.1.10/32" in /etc/rc.conf.

    But when I did it I saw errors in log:

    Feb  7 14:06:25 vm-ha-01 kernel: carp: 10@hn0: BACKUP -> MASTER (master timed out)
    Feb  7 14:06:31 vm-ha-01 kernel: carp: 10@hn0: MASTER -> BACKUP (more frequent advertisement received)

    CARP state was switching from BACKUP to MASTER and back over and over.Ok, I launched tcpdump to capture only incoming traffic and saw this:

    root@vm-ha-03:~ # tcpdump --direction=in -n -e proto CARP
    14:08:27.447718 90:e2:ba:d7:44:11 > 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: 192.168.159.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 1s, length 36

    or

    14:08:33.634475 90:e2:ba:d7:44:10 > 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: 192.168.159.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 1s, length 36

    90:e2:ba:d7:44:11 and 90:e2:ba:d7:44:10 are mac-addresses of  host's physical adapters, which w ere combinedin the SET (Switch Embedded Teaming). If I understood correctly, the problem was the system recieved its own sent CARP packets, but its mac-address had been spoofed by SET. According to this article (https://technet.microsoft.com/library/mt403349.aspx#bkmk_mac) this behavior is OK. But I want CARP to work properly.


    Tuesday, February 7, 2017 12:12 PM

Answers

  • I set virtual switch in Hyper-V load-balancing mode, after that CARP started working properly. I think that incorrect working of CARP protocol, when virtual switch is set in dynamic load-balancing mode, is a bug, but I don't know where I should write a report about it.
    • Marked as answer by Uncletimmy3 Wednesday, May 3, 2017 10:01 AM
    Wednesday, May 3, 2017 10:01 AM

All replies