Subject: Re: Some strangeness with CARP
To: Andrea Venturoli, freebsd-net@freebsd.org
From: Harry Schmalzbauer
Organization: OmniLAN
Date: Sun, 13 Feb 2022 11:17:42 +0100
Message-ID: <2ad44687-c7c9-9e0c-00f0-25b4c7798bfa@omnilan.de>
In-Reply-To: <594e3d18-9645-3b3f-7a41-87c586fb93ad@netfence.it>
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

On 12.02.2022 at 12:53, Andrea Venturoli wrote:
> Hello.
>
> I've set up a network with CARP and I think I'm seeing something strange.
>
> What follows is a simplified setup (the real one involves lagg and
> vlan, but this should not matter).
>
> I have a Zyxel managed switch,
> two "servers":
> - A 192.168.0.1
> - B 192.168.0.2
> and two "clients"
> - C 192.168.0.10
> - D 192.168.0.11
>
> Now let's add the "shared" CARP IP 192.168.0.3 (vhid 1) to server A
> and server B and start sniffing on C and D.
>
> If C or D talks with A or B using their own IP
> (192.168.0.1/192.168.0.2) the other client does not see that traffic
> (as is to be expected on a switched network).
> However if any client talks with the CARP IP (192.168.0.3) every node
> on the LAN can sniff that traffic!
>
> I tracked this down to the switch not learning the MAC address
> 00:00:5e:00:01:01 (which is what CARP vhid 1 uses), so every outgoing
> packet is broadcast to the whole network.
> Is this normal???
>
> Changing to any other VHID (I tried 2, 4 and 10) does not show the
> same problem, as 00:00:5e:00:01:xx will show up in the switch MAC
> database.
>
> I'm scratching my head trying to find an explanation, but so far I
> could only think the switch is misbehaving.
> Or am I missing some info and there's a reason for this?

Hi,

if the source address of the SYN-ACK reply between [C|D] -> carpIP is .3/0:0:5e:00:01:01, I'd blame the switch too (MAC address learning limit set for the port(s) in question?!?).
But maybe [A|B] respond with a wrong source MAC address, depending on the VHID? Probably not possible at all - don't know our stack that deep.
Worth and easy to check nevertheless.

good hunting,
-harry
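The check Harry proposes, as an added example that is not part of the thread: derive the CARP virtual MAC for a VHID and scan `tcpdump -e -n` style lines for frames whose IP source is the CARP address but whose Ethernet source is not that MAC. The capture lines below are constructed from the thread's addresses, not real traffic; the regex assumes tcpdump's default IPv4 `-e` line layout.

```python
"""Verify that replies from a CARP address carry the CARP virtual MAC.

Added example, not code from the thread. Parses constructed lines in the
format printed by `tcpdump -e -n` for IPv4/TCP frames.
"""
import re

CARP_OUI = "00:00:5e:00:01"  # IANA VRRP/CARP virtual MAC prefix; last octet is the VHID


def carp_mac(vhid: int) -> str:
    """Return the virtual MAC CARP advertises and answers with for a VHID (1..255)."""
    if not 1 <= vhid <= 255:
        raise ValueError("VHID must be in 1..255")
    return f"{CARP_OUI}:{vhid:02x}"


# <time> <src mac> > <dst mac>, ethertype IPv4 (0x0800), length N: <sip>.<port> > <dip>.<port>: ...
LINE_RE = re.compile(
    r"^\S+\s+(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dip>\d+\.\d+\.\d+\.\d+)\.\d+:",
    re.IGNORECASE,
)


def check_carp_source_mac(lines, carp_ip, vhid):
    """Return (src_ip, actual_mac, expected_mac) for every frame sourced from the
    CARP IP whose Ethernet source is not the CARP virtual MAC for that VHID."""
    expected = carp_mac(vhid)
    mismatches = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["sip"] != carp_ip:
            continue  # not parseable or not a reply from the CARP address
        if m["smac"].lower() != expected:
            mismatches.append((m["sip"], m["smac"].lower(), expected))
    return mismatches


# Constructed sample capture (hypothetical MACs for A and client C; addresses from the thread).
SAMPLE = [
    "10:17:42.000001 00:00:5e:00:01:01 > 52:54:00:aa:bb:cc, ethertype IPv4 (0x0800), length 74: 192.168.0.3.22 > 192.168.0.10.50000: Flags [S.], seq 1, ack 1, win 65535, length 0",
    "10:17:42.000002 52:54:00:11:22:33 > 52:54:00:aa:bb:cc, ethertype IPv4 (0x0800), length 74: 192.168.0.1.22 > 192.168.0.10.50001: Flags [S.], seq 1, ack 1, win 65535, length 0",
    "10:17:42.000003 52:54:00:11:22:33 > 52:54:00:aa:bb:cc, ethertype IPv4 (0x0800), length 74: 192.168.0.3.22 > 192.168.0.10.50002: Flags [S.], seq 1, ack 1, win 65535, length 0",
]

if __name__ == "__main__":
    for sip, smac, exp in check_carp_source_mac(SAMPLE, "192.168.0.3", 1):
        print(f"reply from {sip} used {smac}, expected CARP MAC {exp}")
```

An empty result means the hosts answer from the correct virtual MAC and the flooding is the switch's MAC learning, as Harry suspects; a non-empty result points at the host side instead.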