Differences

This shows you the differences between two versions of the page.

--- documentation:examples:pf_and_carp_lab [2021/11/25 13:54] – [Backup Firewall (VM3)] olivier
+++ documentation:examples:pf_and_carp_lab [2021/11/25 14:01] – [Creating 2 flows from VM1 to VM4] olivier
@@ Line 87: / Line 87: @@
 sysrc pflog_enable=YES
 sysrc pfsync_syncdev=vtnet1
-mount -uw /
+sysrc kld_list="carp"
-echo "carp_load="YES"" >> /boot/loader.conf.local
-mount -ur /
 echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf
@@ Line 139: / Line 137: @@
 sysrc pflog_enable=YES
 sysrc pfsync_syncdev=vtnet1
-mount -uw /
+sysrc kld_list="carp"
-echo "carp_load="YES"" >> /boot/loader.conf.local
-mount -ur /
 echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf
@@ Line 200: / Line 196: @@
 <code>
 [root@VM2]~# ifconfig vtnet3
-vtnet3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
+vtnet3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:02:00:02
@@ Line 206: / Line 202: @@
         inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1
         inet6 fe80::5a9c:fcff:fe02:2%vtnet3 prefixlen 64 scopeid 0x4
-        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
+        inet6 2001:db8:10::2 prefixlen 64
-        media: Ethernet 10Gbase-T <full-duplex>
+        inet6 2001:db8:10::fe prefixlen 128 vhid 2
-        status: active
         carp: MASTER vhid 1 advbase 1 advskew 100
+        carp: MASTER vhid 2 advbase 1 advskew 100
+        media: Ethernet autoselect (10Gbase-T <full-duplex>)
+        status: active
+        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
 [root@VM2]~# ifconfig vtnet4
-vtnet4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
+vtnet4: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:02:00:02
-        inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
+        inet 2.2.2.2 netmask 0xffffff00 broadcast 2.2.2.255
-        inet 10.0.0.254 netmask 0xffffffff broadcast 10.0.0.254 vhid 2
+        inet 2.2.2.254 netmask 0xffffffff broadcast 2.2.2.254 vhid 3
         inet6 fe80::5a9c:fcff:fe02:2%vtnet4 prefixlen 64 scopeid 0x5
-        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
+        inet6 2001:db8:2:2:2::2 prefixlen 64
-        media: Ethernet 10Gbase-T <full-duplex>
+        inet6 2001:db8:2:2:2::fe prefixlen 128 vhid 4
+        carp: MASTER vhid 3 advbase 1 advskew 100
+        carp: MASTER vhid 4 advbase 1 advskew 100
+        media: Ethernet autoselect (10Gbase-T <full-duplex>)
         status: active
-        carp: MASTER vhid 2 advbase 1 advskew 100
+        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
 </code>
@@ Line 227: / Line 229: @@
 <code>
 [root@VM3]~# ifconfig vtnet3
-vtnet3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
+vtnet3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:03:00:03
@@ Line 233: / Line 235: @@
         inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1
         inet6 fe80::5a9c:fcff:fe03:3%vtnet3 prefixlen 64 scopeid 0x4
-        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
+        inet6 2001:db8:10::3 prefixlen 64
-        media: Ethernet 10Gbase-T <full-duplex>
+        inet6 2001:db8:10::fe prefixlen 128 vhid 2
-        status: active
         carp: BACKUP vhid 1 advbase 1 advskew 200
+        carp: BACKUP vhid 2 advbase 1 advskew 200
+        media: Ethernet autoselect (10Gbase-T <full-duplex>)
+        status: active
+        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
 [root@VM3]~# ifconfig vtnet4
-vtnet4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
+vtnet4: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:03:00:03
-        inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255
+        inet 2.2.2.3 netmask 0xffffff00 broadcast 2.2.2.255
-        inet 10.0.0.254 netmask 0xffffffff broadcast 10.0.0.254 vhid 2
+        inet 2.2.2.254 netmask 0xffffffff broadcast 2.2.2.254 vhid 3
         inet6 fe80::5a9c:fcff:fe03:3%vtnet4 prefixlen 64 scopeid 0x5
+        inet6 2001:db8:2:2:2::3 prefixlen 64
+        inet6 2001:db8:2:2:2::fe prefixlen 128 vhid 4
+        carp: BACKUP vhid 3 advbase 1 advskew 200
+        carp: BACKUP vhid 4 advbase 1 advskew 200
+        media: Ethernet autoselect (10Gbase-T <full-duplex>)
+        status: active
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
-        media: Ethernet 10Gbase-T <full-duplex>
-        status: active
-        carp: BACKUP vhid 2 advbase 1 advskew 200
 </code>
 ==== pf state ====
@@ Line 273: / Line 281: @@
 Open a tmux session on R1 and generate 2 flows:
-  -  A continous ping: ping 10.0.0.4
+  -  A continous ping: ping 2.2.2.4
-  -  A echo session: telnet 10.0.0.4 7
+  -  A echo session: telnet 2.2.2.4 7
 ==== pf synchronisation ====