CARP issue on VLAN interfaces

From: Steve Johnson (maillistsjohnson.info)
Date: Tue Aug 03 2010 - 11:57:20 CDT


Hi,

I have an issue with setting up CARP interfaces for VLAN system
interfaces. For some reason, the CARP interface is unreachable from any
host except the MASTER node, and it seems like the ARP requests are not
reaching the destination hosts, yet they are sent by the OBSD systems,
on both the VLAN interface, and the real interface with a vid tag on the
proper VLAN ID. The switches do have the MAC address in their ARP
tables though. The weird thing is that the same setup creates no issues
whatsoever for all CARP interfaces bound to physical interfaces, and not
to VLAN interfaces. Here is a drilldown of the situation:

- PF is disabled
- All systems (including both nodes) can reach the VLAN interface IP
addresses
- All CARP interfaces are part of a secondary group
- CARP demotes, system reboots and shutting interfaces all properly
switch the CARP master and backup for the whole group
- A CARP master/backup switch properly updates the MAC address table in
the switches
- All systems can reach the CARP interface IPs for CARP interfaces set
on non-VLAN interfaces
- No system (except the system that is the CARP MASTER) can reach the
CARP interface IPs that are set on VLAN interfaces

Below are configuration details, tcpdumps and logs that detail the setup.
http://pastebin.com/hbwrKmVr

Any idea as to what could be causing this would be appreciated!

Thanks,
Steve Johnson