|
Hi Graeme,
> Are you 100% sure the firewall rules or a network
> misconfiguration aren't getting in the way?
>
> The most common flaw that causes this is a rule or route on
> the nominal master preventing it sending announcements, so
> the slave keeps transitioning.
>
> It's either that, or your system clocks are out of sync with
> each other.
>
> Graeme
We have rules on both firewalls looking like this, which I think should be
enough?
# accept VRRP sync data
$IPTABLES -A INPUT -s $CLASS_A -d 224.0.0.18 -p 112 -j ACCEPT
$IPTABLES -A INPUT -s $CLASS_B -d 224.0.0.18 -p 112 -j ACCEPT
$IPTABLES -A INPUT -s $CLASS_C -d 224.0.0.18 -p 112 -j ACCEPT
$IPTABLES -A INPUT -s $VRRP_BACKUPIP -d 224.0.0.18 -p 112 -j ACCEPT
Both servers are syncing clocks with a NTP server so this should not be the
culprit.
I also noticed that it was only the vrrp instances (vips) bound to a certain
nic that transitioned to master on the backup node. Could it be a buggy
driver or faulty hw? The nic is an onboard via velocity gigabit card. We
have three nics in each firewall and the other two are Intel cards.
Nicklas
|
