Discussion:
carp backup and disconnecting ssh session
MJ J
2021-05-23 14:58:47 UTC
Permalink
Hi,

I have a carp master and backup on a pair of one-armed Rapsberry Pi 4B
devices (router1 and router2) and when I ssh to the backup using the
carp IP as my gateway, it repeatedly throws me out after a few seconds
with the message:

My laptop's network config:
-----------------------------------
IP: 192.168.4.109
Subnet mask: 255.255.255.0
Gateway: 192.168.4.1

Both RPI4s are connected to switchports with packets tagged for VLANs
2,3,4,6 and the network devices don't have IP configuration -
everything is configured on VLAN interfaces with the single parent
interface bse0. CARP failover actually works as expected, but as
mentioned I am unable to maintain an ssh session with the backup
"router2" while using the carp IPs as my network gateway.

Network switch is a Zyxel GS1200-8 with firmware V2.00(ABME.0)C0. Loop
prevention is enabled and I have also tested with it disabled to no
avail.

What happens:
-----------------------------------
$ ssh 10.0.1.101
Last login: Sun May 23 17:44:21 2021 from 10.0.1.100
OpenBSD 6.9 (GENERIC.MP) #1134: Sun Apr 18 01:53:35 MDT 2021
router2#
router2# client_loop: send disconnect: Broken pipe


Router 1 network config:
-----------------------------------
router1# cat hostname.bse0
up

router1# cat hostname.vlan2
172.16.1.6/24 172.16.1.255 parent bse0 vnetid 2 group PFSYNC
description "private segment with router2"

router1# cat hostname.vlan3
10.0.1.100/24 10.0.1.255 parent bse0 vnetid 3 group INTERNAL
description "router1 internal interface"

router1# cat hostname.vlan4
192.168.1.252/24 192.168.1.255 parent bse0 vnetid 4 group OLDSHIT
description "unmigrated shit"

router1# cat hostname.vlan6
192.168.4.2/24 192.168.4.255 parent bse0 vnetid 6 group TCWIFI
description "Time-Capsule Wifi"

router1# cat hostname.carp4
192.168.1.1/24 carpdev vlan4 pass fukdissh1t vhid 41 advskew 1
description "TC-WIFI gateway"

router1# cat hostname.carp6
192.168.4.1/24 carpdev vlan6 pass fukdissh1t vhid 61 advskew 1
description "TC-WIFI gateway"


Router2 network config:
-----------------------------------
router2# cat hostname.bse0
up

router2# cat hostname.vlan2
172.16.1.7/24 172.16.1.255 parent bse0 vnetid 2 group PFSYNC
description "private segment with router1"

router2# cat hostname.vlan3
10.0.1.101/24 10.0.1.255 parent bse0 vnetid 3 group INTERNAL
description "router2 internal interface"

router2# cat hostname.vlan4
192.168.1.253/24 192.168.1.255 parent bse0 vnetid 4 group OLDSHIT
description "unmigrated shit"

router2# cat hostname.vlan6
192.168.4.3/24 192.168.4.255 parent bse0 vnetid 6 group TCWIFI
description "Time-Capsule Wifi"

router2# cat hostname.carp4
192.168.1.1/24 carpdev vlan4 pass fukdissh1t vhid 41 advskew 128
description "TC-WIFI gateway"

router2# cat hostname.carp6
192.168.4.1/24 carpdev vlan6 pass fukdissh1t vhid 61 advskew 128
description "TC-WIFI gateway"


Any tips much appreciated.

-mike
Sebastian Benoit
2021-05-24 20:54:06 UTC
Permalink
Post by MJ J
Hi,
I have a carp master and backup on a pair of one-armed Rapsberry Pi 4B
devices (router1 and router2) and when I ssh to the backup using the
carp IP as my gateway, it repeatedly throws me out after a few seconds
-----------------------------------
IP: 192.168.4.109
Subnet mask: 255.255.255.0
Gateway: 192.168.4.1
Both RPI4s are connected to switchports with packets tagged for VLANs
2,3,4,6 and the network devices don't have IP configuration -
everything is configured on VLAN interfaces with the single parent
interface bse0. CARP failover actually works as expected, but as
mentioned I am unable to maintain an ssh session with the backup
"router2" while using the carp IPs as my network gateway.
Network switch is a Zyxel GS1200-8 with firmware V2.00(ABME.0)C0. Loop
prevention is enabled and I have also tested with it disabled to no
avail.
-----------------------------------
$ ssh 10.0.1.101
Last login: Sun May 23 17:44:21 2021 from 10.0.1.100
OpenBSD 6.9 (GENERIC.MP) #1134: Sun Apr 18 01:53:35 MDT 2021
router2#
router2# client_loop: send disconnect: Broken pipe
you ssh from 192.168.4.109 to 10.0.1.101?

My best guess is that you have asymetric routing and your carp master
router1 only sees one direction of the traffic:

laptop -> router1 -> router2
and
router2 -> laptop

because router2 has your laptop network locally on vlan6.

Solution: ssh to 192.168.4.3.
Post by MJ J
-----------------------------------
router1# cat hostname.bse0
up
router1# cat hostname.vlan2
172.16.1.6/24 172.16.1.255 parent bse0 vnetid 2 group PFSYNC
description "private segment with router2"
router1# cat hostname.vlan3
10.0.1.100/24 10.0.1.255 parent bse0 vnetid 3 group INTERNAL
description "router1 internal interface"
router1# cat hostname.vlan4
192.168.1.252/24 192.168.1.255 parent bse0 vnetid 4 group OLDSHIT
description "unmigrated shit"
router1# cat hostname.vlan6
192.168.4.2/24 192.168.4.255 parent bse0 vnetid 6 group TCWIFI
description "Time-Capsule Wifi"
router1# cat hostname.carp4
192.168.1.1/24 carpdev vlan4 pass fukdissh1t vhid 41 advskew 1
description "TC-WIFI gateway"
router1# cat hostname.carp6
192.168.4.1/24 carpdev vlan6 pass fukdissh1t vhid 61 advskew 1
description "TC-WIFI gateway"
-----------------------------------
router2# cat hostname.bse0
up
router2# cat hostname.vlan2
172.16.1.7/24 172.16.1.255 parent bse0 vnetid 2 group PFSYNC
description "private segment with router1"
router2# cat hostname.vlan3
10.0.1.101/24 10.0.1.255 parent bse0 vnetid 3 group INTERNAL
description "router2 internal interface"
router2# cat hostname.vlan4
192.168.1.253/24 192.168.1.255 parent bse0 vnetid 4 group OLDSHIT
description "unmigrated shit"
router2# cat hostname.vlan6
192.168.4.3/24 192.168.4.255 parent bse0 vnetid 6 group TCWIFI
description "Time-Capsule Wifi"
router2# cat hostname.carp4
192.168.1.1/24 carpdev vlan4 pass fukdissh1t vhid 41 advskew 128
description "TC-WIFI gateway"
router2# cat hostname.carp6
192.168.4.1/24 carpdev vlan6 pass fukdissh1t vhid 61 advskew 128
description "TC-WIFI gateway"
Any tips much appreciated.
-mike
--

Loading...