Hey list, The thread about "Why Are You Using FreeBSD", listing the pros and cons of FBSD, has brought back a topic to mind. Recently (read, < 3 months ago) I was experimenting with IPv6 and CARP on 8.x boxes and that crashed them both. I posted a thread on -net and, sadly, never got a single reply. Has anyone else run into problems when using IPv6 + CARP ? I plan to hold a presentation at work on IP6 and why we should start using it, however I cannot promote the use of IP6 without redundancy between firewalls like we currently do with CARP + pfsync. I can, of course, post additional information as required.
On 31 May 2012 06:42, Damien Fleuriot <ml@my.gd> wrote:> Hey list, > > The thread about "Why Are You Using FreeBSD", listing the pros and cons > of FBSD, has brought back a topic to mind. > > Recently (read, < 3 months ago) I was experimenting with IPv6 and CARP > on 8.x boxes and that crashed them both. > > I posted a thread on -net and, sadly, never got a single reply.Did you file a PR? Chances are bz (IPv6 maintainer) has just been very busy. :-) Adrian
Meant to reply to this at the time, but have been away...> Has anyone else run into problems when using IPv6 + CARP ?I ran into some - aliases on a CARP integface did not seem to work proprly - but if you workaround that then it appears to work fine. We are using it in production with no problems.> I plan to hold a presentation at work on IP6 and why we should start > using it, however I cannot promote the use of IP6 without redundancy > between firewalls like we currently do with CARP + pfsync.The redundancy with pfsync works properly - an ssh session is maintained through the firewalls when they failover. I configure my machines to use a paiur of carp interfaces on each physical port, so I am not mixing IPv4 and IPv6 on the same interface. I onyl did that as an experiment when I was trying to work around the aliases problem, but have kept it for "tidnyess" Basically our experience of the setup has been very positive - our main connectivity issues have come from the HE/Cogent peering squabble rather than any FreeBSD/Carp/PF failing. cheers, -pete.
On 6/12/2012 20:08, Pete French wrote:>> I have noticed this issue (CARP + IPv4 aliases) with older (pre 9.x) >> versions of FreeBSD. > > Ah, just to be clear, the only problems I had with aliases weher IPv6 - it > always worked properly with IPv4. But I didnt try on anything pre 8.1! > > -pete.Doh, I caught this just as I hit send :P -- Adam Strohl http://www.ateamsystems.com/