Differences

This shows you the differences between two versions of the page.

--- documentation:examples:pf_and_carp_lab [2021/11/25 13:54] – [Backup Firewall (VM3)] olivier
+++ documentation:examples:pf_and_carp_lab [2021/11/25 14:04] (current) – [pf synchronisation] olivier
@@ Line 87: / Line 87: @@
 sysrc pflog_enable=YES
 sysrc pfsync_syncdev=vtnet1
-mount -uw /
+sysrc kld_list="carp"
-echo "carp_load="YES"" >> /boot/loader.conf.local
-mount -ur /
 echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf
@@ Line 139: / Line 137: @@
 sysrc pflog_enable=YES
 sysrc pfsync_syncdev=vtnet1
-mount -uw /
+sysrc kld_list="carp"
-echo "carp_load="YES"" >> /boot/loader.conf.local
-mount -ur /
 echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf
@@ Line 200: / Line 196: @@
 <code>
 [root@VM2]~# ifconfig vtnet3
-vtnet3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
+vtnet3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:02:00:02
@@ Line 206: / Line 202: @@
         inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1
         inet6 fe80::5a9c:fcff:fe02:2%vtnet3 prefixlen 64 scopeid 0x4
-        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
+        inet6 2001:db8:10::2 prefixlen 64
-        media: Ethernet 10Gbase-T <full-duplex>
+        inet6 2001:db8:10::fe prefixlen 128 vhid 2
-        status: active
         carp: MASTER vhid 1 advbase 1 advskew 100
+        carp: MASTER vhid 2 advbase 1 advskew 100
+        media: Ethernet autoselect (10Gbase-T <full-duplex>)
+        status: active
+        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
 [root@VM2]~# ifconfig vtnet4
-vtnet4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
+vtnet4: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:02:00:02
-        inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
+        inet 2.2.2.2 netmask 0xffffff00 broadcast 2.2.2.255
-        inet 10.0.0.254 netmask 0xffffffff broadcast 10.0.0.254 vhid 2
+        inet 2.2.2.254 netmask 0xffffffff broadcast 2.2.2.254 vhid 3
         inet6 fe80::5a9c:fcff:fe02:2%vtnet4 prefixlen 64 scopeid 0x5
+        inet6 2001:db8:2:2:2::2 prefixlen 64
+        inet6 2001:db8:2:2:2::fe prefixlen 128 vhid 4
+        carp: MASTER vhid 3 advbase 1 advskew 100
+        carp: MASTER vhid 4 advbase 1 advskew 100
+        media: Ethernet autoselect (10Gbase-T <full-duplex>)
+        status: active
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
-        media: Ethernet 10Gbase-T <full-duplex>
-        status: active
-        carp: MASTER vhid 2 advbase 1 advskew 100
 </code>
@@ Line 227: / Line 229: @@
 <code>
 [root@VM3]~# ifconfig vtnet3
-vtnet3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
+vtnet3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:03:00:03
@@ Line 233: / Line 235: @@
         inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1
         inet6 fe80::5a9c:fcff:fe03:3%vtnet3 prefixlen 64 scopeid 0x4
+        inet6 2001:db8:10::3 prefixlen 64
+        inet6 2001:db8:10::fe prefixlen 128 vhid 2
+        carp: BACKUP vhid 1 advbase 1 advskew 200
+        carp: BACKUP vhid 2 advbase 1 advskew 200
+        media: Ethernet autoselect (10Gbase-T <full-duplex>)
+        status: active
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
-        media: Ethernet 10Gbase-T <full-duplex>
-        status: active
-        carp: BACKUP vhid 1 advbase 1 advskew 200
 [root@VM3]~# ifconfig vtnet4
-vtnet4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
+vtnet4: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:03:00:03
-        inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255
+        inet 2.2.2.3 netmask 0xffffff00 broadcast 2.2.2.255
-        inet 10.0.0.254 netmask 0xffffffff broadcast 10.0.0.254 vhid 2
+        inet 2.2.2.254 netmask 0xffffffff broadcast 2.2.2.254 vhid 3
         inet6 fe80::5a9c:fcff:fe03:3%vtnet4 prefixlen 64 scopeid 0x5
+        inet6 2001:db8:2:2:2::3 prefixlen 64
+        inet6 2001:db8:2:2:2::fe prefixlen 128 vhid 4
+        carp: BACKUP vhid 3 advbase 1 advskew 200
+        carp: BACKUP vhid 4 advbase 1 advskew 200
+        media: Ethernet autoselect (10Gbase-T <full-duplex>)
+        status: active
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
-        media: Ethernet 10Gbase-T <full-duplex>
-        status: active
-        carp: BACKUP vhid 2 advbase 1 advskew 200
 </code>
 ==== pf state ====
@@ Line 273: / Line 281: @@
 Open a tmux session on R1 and generate 2 flows:
-  -  A continous ping: ping 10.0.0.4
+  -  A continous ping: ping 2.2.2.4
-  -  A echo session: telnet 10.0.0.4 7
+  -  A echo session: telnet 2.2.2.4 7
 ==== pf synchronisation ====
@@ Line 281: / Line 289: @@
 <code>
-[root@VM3]~# pfctl -ss
+[root@VM2]~# pfctl -ss
-all icmp 10.0.0.4:267 <- 192.168.10.1:267       0:0
+all carp fe80::5a9c:fcff:fe02:2 -> ff02::12       SINGLE:NO_TRAFFIC
-all icmp 192.168.10.1:267 -> 10.0.0.4:267       0:0
+all carp 2.2.2.2 -> 224.0.0.18       SINGLE:NO_TRAFFIC
-all tcp 10.0.0.4:7 <- 192.168.10.1:31058       ESTABLISHED:ESTABLISHED
+all carp 192.168.10.2 -> 224.0.0.18       SINGLE:NO_TRAFFIC
-all tcp 192.168.10.1:31058 -> 10.0.0.4:7       ESTABLISHED:ESTABLISHED
+all pfsync 192.168.23.2 -> 224.0.0.240       SINGLE:NO_TRAFFIC
-all carp 224.0.0.18 <- 192.168.10.2       NO_TRAFFIC:SINGLE
+all icmp 2.2.2.4:13399 <- 192.168.10.1:13399       0:0
-all carp 224.0.0.18 <- 10.0.0.2       NO_TRAFFIC:SINGLE
+all icmp 192.168.10.1:13399 -> 2.2.2.4:13399       0:0
-all pfsync 224.0.0.240 <- 192.168.23.2       NO_TRAFFIC:SINGLE
+all tcp 2.2.2.4:7 <- 192.168.10.1:11636       ESTABLISHED:ESTABLISHED
+all tcp 192.168.10.1:11636 -> 2.2.2.4:7       ESTABLISHED:ESTABLISHED
 </code>
@@ Line 295: / Line 304: @@
 <code>
 [root@VM3]~# pfctl -ss
-all icmp 10.0.0.4:39946 <- 192.168.10.1:39946       0:0
-all icmp 192.168.10.1:39946 -> 10.0.0.4:39946       0:0
-all tcp 10.0.0.4:22 <- 192.168.10.1:46911       ESTABLISHED:ESTABLISHED
-all tcp 192.168.10.1:46911 -> 10.0.0.4:22       ESTABLISHED:ESTABLISHED
-all carp 224.0.0.18 <- 10.0.0.2       NO_TRAFFIC:SINGLE
 all carp 224.0.0.18 <- 192.168.10.2       NO_TRAFFIC:SINGLE
+all carp 224.0.0.18 <- 2.2.2.2       NO_TRAFFIC:SINGLE
+all carp ff02::12 <- fe80::5a9c:fcff:fe02:2       NO_TRAFFIC:SINGLE
+all pfsync 192.168.23.3 -> 224.0.0.240       SINGLE:NO_TRAFFIC
 all pfsync 224.0.0.240 <- 192.168.23.2       NO_TRAFFIC:SINGLE
+all icmp 2.2.2.4:13399 <- 192.168.10.1:13399       0:0
+all icmp 192.168.10.1:13399 -> 2.2.2.4:13399       0:0
+all tcp 2.2.2.4:7 <- 192.168.10.1:11636       ESTABLISHED:ESTABLISHED
+all tcp 192.168.10.1:11636 -> 2.2.2.4:7       ESTABLISHED:ESTABLISHED
 </code>