From: Matthew Grooms
To: freebsd-net@freebsd.org
Subject: Re: Getting CARP to broadcast on a different interface
Date: Wed, 8 Jun 2016 11:02:48 -0500

Hi Niklaas,

Rewriting the multicast destination would be a neat trick, but sadly no. You can't rewrite a destination address on egress. Using a route-to rule would only modify the destination MAC address. If you were using OpenBSD, you would switch from multicast to unicast using the syncpeer option. Unfortunately that's not supported on FreeBSD.

At one point I wrote a broadcast relay daemon to forward select UDP broadcast traffic between two networks separated by an IPsec tunnel. It had limited utility, but it worked well for what I needed it to do. I wonder if someone has written a multicast relay daemon that works in a similar fashion. If so, you could use it to forward CARP traffic to a peer. Super ugly, but it would probably do the trick in this scenario.

-Matthew

On 6/8/2016 9:56 AM, Niklaas Baudet von Gersdorff wrote:
> Trond Endrestøl [2016-06-08 15:53 +0200]:
>
>> Although it sounds pretty bad, you could set up CARP on the internal
>> network and use those CARP events to control the main interfaces, e.g.
>> re-adjust their announcement intervals, or something equally awful.
>
> Thanks, Trond. As you said, not that it sounds like a good idea but it's
> a solution I will think about.
>
> What also came up in my head: Can't I re-reroute the CARP packets with
> pf somehow?
>
> Niklaas
>