Bug #2920
OSPF on interfaces with IP Alias and carp unpredictable
Status: closed
Description
I have an interface with IP 172.20.20.2 and CARP address 172.20.20.1. Due to legacy, this interface also has IP Alias 172.22.6.2 and CARP 172.22.6.1. As you can guess, there is also a carp mirror router on the same network with 172.20.20.3 as IP and 172.22.6.3 as IP Alias.
This behaves unpredictably as Quagga can only be enabled on an interface and not on VIPs. The primary firewall now shows the following on the Quagga status page:
[code]opt3_vip2 is up
ifindex 22, MTU 1500 bytes, BW 0 Kbit <UP,LOOPBACK,RUNNING> (Is IP 172.20.20.1)
OSPF not enabled on this interface
opt3_vip19 is up
ifindex 38, MTU 1500 bytes, BW 0 Kbit <UP,LOOPBACK,RUNNING>
Internet Address 172.22.6.1/24, Broadcast 172.22.6.1, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID .**..**, Network Type LOOPBACK, Cost: 10
Transmit Delay is 1 sec, State Loopback, Priority 1
No designated router on this network
No backup designated router on this network
Multicast group memberships: <None>
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in inactive
Neighbor Count is 0, Adjacent neighbor count is 0[/code]
And the secondary firewall shows:
[code]opt3_vip2 is up
ifindex 23, MTU 1500 bytes, BW 0 Kbit <UP,LOOPBACK,RUNNING>
Internet Address 172.20.20.1/24, Broadcast 172.20.20.1, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID .**..**, Network Type LOOPBACK, Cost: 10
Transmit Delay is 1 sec, State Loopback, Priority 1
No designated router on this network
No backup designated router on this network
Multicast group memberships: <None>
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in inactive
Neighbor Count is 0, Adjacent neighbor count is 0
opt3_vip19 is up
ifindex 39, MTU 1500 bytes, BW 0 Kbit <UP,LOOPBACK,RUNNING> (Is IP 172.22.6.1)
OSPF not enabled on this interface[/code]
This results in a routing table on fw1 with:
[code]O 172.20.20.0/24 [110/10] is directly connected, em0_vlan2020, 00:23:08
C>* 172.20.20.0/24 is directly connected, em0_vlan2020
O>* 172.20.20.1/32 [110/25] via 172.20.1.2 (fw2, should list directly connected or just not be listed), em0_vlan2001, 00:22:58
O 172.22.6.0/24 [110/10] is directly connected (Like it should be), em0_vlan2020, 00:23:08
C * 172.22.6.0/24 is directly connected, opt3_vip19
C>* 172.22.6.0/24 is directly connected, em0_vlan2020[/code]
And on fw2:
[code]O 172.20.20.0/24 [110/10] is directly connected, em0_vlan2020, 2d11h41m
C * 172.20.20.0/24 is directly connected, opt3_vip2
C>* 172.20.20.0/24 is directly connected, em0_vlan2020
C * 172.22.6.0/24 is directly connected, em0_vlan2020
C>* 172.22.6.0/24 is directly connected, opt3_vip19
O>* 172.22.6.1/32 [110/20] via 172.20.1.1 (Like it should be), em0_vlan2001, 00:09:43[/code]
Also, I had to list the 172.22.6.0 manually in the tables, it's not picked up automatically. Would it be a solution to list IP Alias virtual interfaces in the Quagga dropdown list?
Updated by Chris Buechler over 11 years ago
- Project changed from pfSense to pfSense Packages
probably more of a feature request, will leave as is for future examination in this context
Updated by Peter O over 11 years ago
I just found out that the interface on fw1 had an ip of 172.20.20.0/24. Don't know how that managed to get through the input validation...
Changed it to 172.20.20.2/24 but can't apply just yet because it will drop all current tcp connections for a few seconds. I'll try whether this solves it asap and report back.
Updated by Peter O over 11 years ago
When applying settings, I get the following error:
[code]Apr 2 12:38:49 kernel: opt3_vip19: BACKUP -> MASTER (preempting a slower master)
Apr 2 12:38:49 kernel: opt3_vip2: link state changed to UP
Apr 2 12:38:49 kernel: opt3_vip2: BACKUP -> MASTER (preempting a slower master)
Apr 2 12:38:49 php: /interfaces.php: Configuring CARP settings finalize...
Apr 2 12:38:49 php: /interfaces.php: pfsync done in 0 seconds.
Apr 2 12:38:49 php: /interfaces.php: waiting for pfsync...
Apr 2 12:38:48 kernel: opt3_vip19: link state changed to DOWN
Apr 2 12:38:48 kernel: opt3_vip19: INIT -> BACKUP
Apr 2 12:38:48 kernel: opt3_vip19: link state changed to DOWN
Apr 2 12:38:48 kernel: opt3_vip2: link state changed to DOWN
Apr 2 12:38:48 kernel: opt3_vip2: INIT -> BACKUP
Apr 2 12:38:48 kernel: opt3_vip2: link state changed to DOWN
Apr 2 12:38:48 php: /interfaces.php: The command '/sbin/ifconfig 'em0_vlan2020' inet '172.22.6.2'/'24' alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCAIFADDR): File exists'[/code]
(Read from bottom to top) The servers in the 172.22.6.0/24 range were unreachable after that so I changed the IP back to 172.20.20.0/24. Weirdly enough, now the servers on 172.22.6.0/24 are reachable again... Should I remove the VIPs, change the interface IP and add the VIPs again?
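
An added example, not part of the report and not pfSense code: a pre-apply lint for the kind of address mistake mentioned in the updates above, where an interface was configured with the network address 172.20.20.0/24. The function names and the node/VIP layout are assumptions; the sample addresses are constructed from the ones quoted in the report.

```python
import ipaddress

def check_host_address(cidr):
    """Return problems with an IPv4 host address written as 'a.b.c.d/len'."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    # /31 and /32 have no reserved network or broadcast address; IPv6 is not checked here.
    if net.version != 4 or net.prefixlen >= 31:
        return []
    if iface.ip == net.network_address:
        return [f"{cidr} is the network address of {net}"]
    if iface.ip == net.broadcast_address:
        return [f"{cidr} is the broadcast address of {net}"]
    return []

def lint_carp_pair(nodes, vips):
    """nodes: {name: [interface IP and IP aliases]}; vips: CARP addresses shared by the pair."""
    problems = []
    seen = {}  # host IP -> node that already uses it
    vip_ips = {ipaddress.ip_interface(v).ip for v in vips}
    for name, addrs in nodes.items():
        for cidr in addrs:
            problems += [f"{name}: {p}" for p in check_host_address(cidr)]
            ip = ipaddress.ip_interface(cidr).ip
            if ip in vip_ips:
                problems.append(f"{name}: {cidr} collides with a CARP VIP")
            if ip in seen:
                problems.append(f"{name}: {cidr} is also configured on {seen[ip]}")
            seen.setdefault(ip, name)
    for vip in vips:
        problems += [f"VIP: {p}" for p in check_host_address(vip)]
    return problems

# Constructed sample: fw1 as it was found (172.20.20.0/24), fw2 as described in the report.
NODES = {
    "fw1": ["172.20.20.0/24", "172.22.6.2/24"],
    "fw2": ["172.20.20.3/24", "172.22.6.3/24"],
}
VIPS = ["172.20.20.1/24", "172.22.6.1/24"]

if __name__ == "__main__":
    for problem in lint_carp_pair(NODES, VIPS):
        print(problem)
```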