On 9 May 2006, at 05:34, George Chen wrote:

> Hi,
>
> I have a question about CARP.
>
> I have two firewalls named fw1 and fw2. eth0 and eth0 are two  
> interfaces on
> both fw1 and fw2. It works well when fw1 serves as MASTER, which means
> fw1.eth0 and fw1.eth1 are all MASTER. The problem is, when I down  
> fw1.eth0
> and therefore fw1.eth0 becomes BACKUP while fw2.eth0 becomes  
> MASTER, will
> fw1.eth1 failovers to fw2.eth1? I didn't see that fw1.eth1 becomes  
> BACKUP,
> which leads to the traffic fails.
>
> I don't know if CARPs on different interfaces but one same  
> appliance are
> associated. If not, CARP can't help if individual interface fails.  
> Am I
> right? If yes, how does it implemented?
>
> Thanks for all your time,
>
> Regards,
> George Chen

Hello, yes, I understand what you mean. Please view the following URL:

http://www.openbsd.org/faq/pf/carp.html#failover

Check the following:

# sysctl -w net.inet.carp.preempt=1

This will cause group interface fall over. Are you running my patch  
against
CURRENT or just asking?

		---
		Liam J. Foy
		<liamjfoy@netbsd.org>
		<liamfoy@sepulcrum.org>
		BSDPortal.org