Bug #2278
closed
IPv6 Carp vip both master on FreeBSD 8.3
Added by Seth Mos over 12 years ago. Updated over 12 years ago.
0%
Description
On our FreeBSD 8.3 snapshots both carp members will become master for IPv6 vips. The IPv4 vips if they exist work normally and stay backup on the backup member.
This worked with the same configuration on our FreeBSD 8.1 snapshots.
Files
| carp-a-8.3.pcap (5.54 KB) carp-a-8.3.pcap | carp a on 8.3 | Seth Mos, 03/12/2012 05:11 AM | |
| carp-b-8.3.pcap (6.42 KB) carp-b-8.3.pcap | carp b on 8.3 | Seth Mos, 03/12/2012 05:11 AM | |
| carp-a-8.3-b-8.1.pcap (5.97 KB) carp-a-8.3-b-8.1.pcap | carp a on 8.3 and b on 8.1 | Seth Mos, 03/12/2012 05:11 AM | |
| carp-b-8.1.pcap (5.97 KB) carp-b-8.1.pcap | carp b on 8.3 | Seth Mos, 03/12/2012 05:11 AM | |
| carp-a-8.1-b-8.1.pcap (6 KB) carp-a-8.1-b-8.1.pcap | carp a on 8.1 and b on 8.1 | Seth Mos, 03/12/2012 05:11 AM |
Updated by Seth Mos over 12 years ago
- File carp-a-8.3.pcap carp-a-8.3.pcap added
- File carp-b-8.3.pcap carp-b-8.3.pcap added
- File carp-a-8.3-b-8.1.pcap carp-a-8.3-b-8.1.pcap added
- File carp-b-8.1.pcap carp-b-8.1.pcap added
- File carp-a-8.1-b-8.1.pcap carp-a-8.1-b-8.1.pcap added
I have attached 4 pcaps. The 1st 2 pcap files are both members running 8.3.
Pcap 3 and 4 is the master and backup node running a 8.1 snapshots from http://files.pfsense.org/jimp/ipv6/
I'm using pfSense-Full-Update-2.1-DEVELOPMENT-i386-20111125-1741.tgz as this was the last "good" 8.1 snap.
As soon as the backup node is downgraded to a 8.1 snapshot it kicks into backup again.
The other way around makes no difference, if the primary is 8.1 and the backup is 8.3 they both will be master.
Updated by Seth Mos over 12 years ago
- Assignee set to Ermal Luçi
Just tested with 2 clean FreeBSD 8.3-RC1 vms and there the IPv6 Carp backup and failover works correctly. That implies that it is related to our patches for 8.3.
Ermal can you debug this with the information provided here?
Updated by Chris Buechler over 12 years ago
- Target version changed from 8 to 2.1
- Affected Version changed from 2.1 to 2.1-IPv6
Updated by Ermal Luçi over 12 years ago
Probably it will be related to the IPv6 patch there is in there.
Can you confirm that Seth?
Updated by Seth Mos over 12 years ago
- Status changed from New to Feedback
Can not replicate with FreeBSD 8.3-RC2 snapshots from snapshots.pfsense.org. Possibly fixed between RC1 and RC2.
Possibly others can confirm.
Scratch that, the primary, which was RC1 still, was up for 46 days but seized all IPv6 comms to the vips. Even rebooting the master and backup did not allow comms to restore.
After downgrading to 8.1 snaps from Jim made on 25th november 2011 it all came back to live.
Updated by Pierre BLONDEAU over 12 years ago
I have a similar problem on 2.1-DEVELOPMENT (i386) built on Tue Apr 10 21:11:54 EDT 2012.
13 IPv4 carp OK
3 IPv6 are Master on both server.
Regards
Updated by Seth Mos over 12 years ago
The last good snapshot is from http://files.pfsense.org/jimp/ipv6/
I'm still running the snapshots from Nov 25th on 3 carp clusters.
Another issue that I've managed to reproduce on another carp cluster is that FreeBSD 8.3 will stop responding to Neighbor Discovery requests and thus the CARP vips will wall from the internet, so if you have a static route pointing at a carp vip everything behind it, it will become unreachable.
Updated by Pierre BLONDEAU over 12 years ago
I have this problem, but only on one of my carp ipv6 addresses and only a few machines (not all).
I thought it was from my configuration, but it appears to be identical.
Updated by Seth Mos over 12 years ago
Can you check if the CARP vip address is in the NDP table of any of the other machines?
On linux http://tldp.org/HOWTO/Linux+IPv6-HOWTO/x1162.html
# ip -6 neigh show
That should show the CARP IPv6 vip in there.
On FreeBSD
#ndp -a
if the IPv6 CARP vips do not show in the clients or servers then it means that FreeBSD is not responding to ND requests.
Updated by Pierre BLONDEAU over 12 years ago
on the one where it works :
ip -6 neigh show
2001:xxx:yyy::1 dev eth0 lladdr 00:00:5e:xx:xx:xx router DELAY
on the other :
ip -6 neigh show
2001:xxx:yyy::1 dev eth0 FAILED
I have 10 / 36 machines which can't join the router CARP Ipv6 ( All linux debian squeeze up to date).
Updated by Pierre BLONDEAU over 12 years ago
I have found the difference, it's the uptime of client. If I restart them all, IPv6 will not work on them.
Updated by Seth Mos over 12 years ago
Jim found a very descriptive similar issue on Open that appears to hit the exact same thing.
http://old.nabble.com/carp-ipv6-ndp-issue-td32201650.html
Updated by Seth Mos over 12 years ago
- Status changed from New to Feedback
The latest snapshot I ran off by hand seems to do the trick with the updated CARP patches.
http://iserv.nl/files/pfsense/releng83/pfSense-Full-Update-2.1-DEVELOPMENT-i386-20120419-1059.tgz
Pierre, can you verify this?
Updated by Pierre BLONDEAU over 12 years ago
Hy,
It's works for me ! Thank you very much !
Have you a idea of the date of integration in official image ?
Regards
Updated by Seth Mos over 12 years ago
Still hitting the double master issue in the Xs4all DC carp
Updated by Chris Buechler over 12 years ago
- Status changed from Feedback to New
Updated by Chris Buechler over 12 years ago
Ermal - you can put the time to Coltex
Updated by Chris Buechler over 12 years ago
- Status changed from New to Feedback
- Assignee deleted (
Ermal Luçi)
Andrew working on this
Updated by Jim Pingle over 12 years ago
- Status changed from Feedback to Resolved
This has been OK for a while now, several production carp clusters running and no dual master any more.