Project

General

Profile

Actions

Bug #2278

closed

IPv6 Carp vip both master on FreeBSD 8.3

Added by Seth Mos over 9 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
CARP
Target version:
Start date:
03/12/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1-IPv6
Affected Architecture:

Description

On our FreeBSD 8.3 snapshots both carp members will become master for IPv6 vips. The IPv4 vips if they exist work normally and stay backup on the backup member.

This worked with the same configuration on our FreeBSD 8.1 snapshots.


Files

carp-a-8.3.pcap (5.54 KB) carp-a-8.3.pcap carp a on 8.3 Seth Mos, 03/12/2012 05:11 AM
carp-b-8.3.pcap (6.42 KB) carp-b-8.3.pcap carp b on 8.3 Seth Mos, 03/12/2012 05:11 AM
carp-a-8.3-b-8.1.pcap (5.97 KB) carp-a-8.3-b-8.1.pcap carp a on 8.3 and b on 8.1 Seth Mos, 03/12/2012 05:11 AM
carp-b-8.1.pcap (5.97 KB) carp-b-8.1.pcap carp b on 8.3 Seth Mos, 03/12/2012 05:11 AM
carp-a-8.1-b-8.1.pcap (6 KB) carp-a-8.1-b-8.1.pcap carp a on 8.1 and b on 8.1 Seth Mos, 03/12/2012 05:11 AM
Actions #1

Updated by Seth Mos over 9 years ago

I have attached 4 pcaps. The 1st 2 pcap files are both members running 8.3.

Pcap 3 and 4 is the master and backup node running a 8.1 snapshots from http://files.pfsense.org/jimp/ipv6/
I'm using pfSense-Full-Update-2.1-DEVELOPMENT-i386-20111125-1741.tgz as this was the last "good" 8.1 snap.

As soon as the backup node is downgraded to a 8.1 snapshot it kicks into backup again.

The other way around makes no difference, if the primary is 8.1 and the backup is 8.3 they both will be master.

Actions #2

Updated by Seth Mos over 9 years ago

  • Assignee set to Ermal Luçi

Just tested with 2 clean FreeBSD 8.3-RC1 vms and there the IPv6 Carp backup and failover works correctly. That implies that it is related to our patches for 8.3.

Ermal can you debug this with the information provided here?

Actions #3

Updated by Chris Buechler over 9 years ago

  • Target version changed from 8 to 2.1
  • Affected Version changed from 2.1 to 2.1-IPv6
Actions #4

Updated by Ermal Luçi over 9 years ago

Probably it will be related to the IPv6 patch there is in there.
Can you confirm that Seth?

Actions #5

Updated by Seth Mos over 9 years ago

  • Status changed from New to Feedback

Can not replicate with FreeBSD 8.3-RC2 snapshots from snapshots.pfsense.org. Possibly fixed between RC1 and RC2.

Possibly others can confirm.

Scratch that, the primary, which was RC1 still, was up for 46 days but seized all IPv6 comms to the vips. Even rebooting the master and backup did not allow comms to restore.
After downgrading to 8.1 snaps from Jim made on 25th november 2011 it all came back to live.

Actions #6

Updated by Chris Buechler over 9 years ago

  • Status changed from Feedback to New
Actions #7

Updated by Pierre BLONDEAU over 9 years ago

I have a similar problem on 2.1-DEVELOPMENT (i386) built on Tue Apr 10 21:11:54 EDT 2012.

13 IPv4 carp OK
3 IPv6 are Master on both server.

Regards

Actions #8

Updated by Seth Mos over 9 years ago

The last good snapshot is from http://files.pfsense.org/jimp/ipv6/

I'm still running the snapshots from Nov 25th on 3 carp clusters.

Another issue that I've managed to reproduce on another carp cluster is that FreeBSD 8.3 will stop responding to Neighbor Discovery requests and thus the CARP vips will wall from the internet, so if you have a static route pointing at a carp vip everything behind it, it will become unreachable.

Actions #9

Updated by Pierre BLONDEAU over 9 years ago

I have this problem, but only on one of my carp ipv6 addresses and only a few machines (not all).
I thought it was from my configuration, but it appears to be identical.

Actions #10

Updated by Seth Mos over 9 years ago

Can you check if the CARP vip address is in the NDP table of any of the other machines?

On linux http://tldp.org/HOWTO/Linux+IPv6-HOWTO/x1162.html

# ip -6 neigh show

That should show the CARP IPv6 vip in there.
On FreeBSD
#ndp -a

if the IPv6 CARP vips do not show in the clients or servers then it means that FreeBSD is not responding to ND requests.

Actions #11

Updated by Pierre BLONDEAU over 9 years ago

on the one where it works :
ip -6 neigh show
2001:xxx:yyy::1 dev eth0 lladdr 00:00:5e:xx:xx:xx router DELAY
on the other :
ip -6 neigh show
2001:xxx:yyy::1 dev eth0 FAILED
I have 10 / 36 machines which can't join the router CARP Ipv6 ( All linux debian squeeze up to date).

Actions #12

Updated by Pierre BLONDEAU over 9 years ago

I have found the difference, it's the uptime of client. If I restart them all, IPv6 will not work on them.

Actions #13

Updated by Seth Mos over 9 years ago

Jim found a very descriptive similar issue on Open that appears to hit the exact same thing.
http://old.nabble.com/carp-ipv6-ndp-issue-td32201650.html

Actions #14

Updated by Seth Mos over 9 years ago

  • Status changed from New to Feedback

The latest snapshot I ran off by hand seems to do the trick with the updated CARP patches.

http://iserv.nl/files/pfsense/releng83/pfSense-Full-Update-2.1-DEVELOPMENT-i386-20120419-1059.tgz

Pierre, can you verify this?

Actions #15

Updated by Pierre BLONDEAU over 9 years ago

Hy,
It's works for me ! Thank you very much !
Have you a idea of the date of integration in official image ?
Regards

Actions #16

Updated by Seth Mos over 9 years ago

Still hitting the double master issue in the Xs4all DC carp

Actions #17

Updated by Chris Buechler over 9 years ago

  • Status changed from Feedback to New
Actions #18

Updated by Chris Buechler over 9 years ago

Ermal - you can put the time to Coltex

Actions #19

Updated by Chris Buechler over 9 years ago

  • Status changed from New to Feedback
  • Assignee deleted (Ermal Luçi)

Andrew working on this

Actions #20

Updated by Jim Pingle over 9 years ago

  • Status changed from Feedback to Resolved

This has been OK for a while now, several production carp clusters running and no dual master any more.

Actions

Also available in: Atom PDF