Date: Wed, 4 Jun 2008 18:14:43 +1000
From: Peter Jeremy <peterjeremy@optushome.com.au>
To: Max Laier <max@love2party.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Understanding the interplay of ipfw, vlan, and carp
Message-ID: <20080604081443.GJ1028@server.vk2pj.dyndns.org>
In-Reply-To: <36735.192.168.4.151.1204669226.squirrel@router>
References: <200803041351.46053.fjwcash@gmail.com> <36735.192.168.4.151.1204669226.squirrel@router>

On 2008-Mar-04 23:20:26 +0100, Max Laier <max@love2party.net> wrote:
>You could try the attached patch. It adds carpdev support. You'll have
>to recompile ifconfig to make use of it.

I have just tried it and found that it does precisely the opposite of
what I want :-(

My situation: At work, I have a NAT box that is used to translate
between our corporate intranet and my department's test models. There
is (basically) 1:1 NAT and I use proxy-ARP on the intranet side
(though I have gateway IPs on the internal side). I am trying to
convert this to use CARP for failover.

My external interface config currently looks like:

    ifconfig vlan10 10.10.10.1 vlandev fxp0 vlan 10
    arp -s 10.10.10.2 auto pub
    arp -s 10.10.10.3 auto pub
    arp -s 10.10.10.4 auto pub
    arp -s 10.10.10.5 auto pub

Ideally, I want to attach a carp device to vlan10 so I can do

    ifconfig vlan10 10.10.10.1 vlandev fxp0 vlan 10
    ifconfig carp10 vhid 10 carpdev vlan10
    arp -s 10.10.10.2 00:00:5e:00:01:0a pub
    arp -s 10.10.10.3 00:00:5e:00:01:0a pub
    arp -s 10.10.10.4 00:00:5e:00:01:0a pub
    arp -s 10.10.10.5 00:00:5e:00:01:0a pub

i.e. the IP address remains with the specific box (the backup box has
its own IP address).

Unfortunately, the current carpdev code doesn't work this way: It lets
me not assign an IP address to vlan10 but I still have to assign an IP
address to carp10 (and it uses the latter address rather than the
former address in the carp advertisements).

Does what I want make sense to you and can you see any way it could
be integrated into your carpdev patches?

Note that one downside of your carpdev patches is that (AFAIK) it is
no longer possible to identify which host sent the packet: The source
and destination MAC addresses, as well as the destination IP address,
are all defined by CARP. Once you change the source IP address to be
the shared address there's nothing to identify which host sent it.

Finally, can anyone point me to a protocol specification for CARP?
The only documentation I can find in either FreeBSD or OpenBSD is
basically limited to "it's like VRRP but different to avoid the CISCO
patent on HSRP".

--
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
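
Added example, not part of the original message or of the carpdev patch: a small sh helper that derives the CARP virtual MAC from a vhid and prints the static proxy-ARP commands used in the desired configuration above. It assumes the VRRP-style layout 00:00:5e:00:01:<vhid in hex>, which matches the vhid 10 / 00:00:5e:00:01:0a pairing in the message; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: print (not execute) the proxy-ARP commands for a CARP vhid.
# Assumption: virtual MAC = 00:00:5e:00:01:<vhid as two hex digits>.

# is_octet N -> succeeds if N is a decimal integer 0..255 without leading zeros
is_octet() {
    case "$1" in
        ''|*[!0-9]*|0?*|????*) return 1 ;;
    esac
    [ "$1" -le 255 ]
}

# carp_vmac VHID -> prints the virtual MAC; fails for a vhid outside 1..255
carp_vmac() {
    is_octet "$1" && [ "$1" -ge 1 ] || {
        echo "carp_vmac: vhid must be 1..255" >&2
        return 1
    }
    printf '00:00:5e:00:01:%02x\n' "$1"
}

# proxy_arp_cmds VHID PREFIX FIRST LAST
# prints one "arp -s <addr> <vmac> pub" line per host PREFIX.FIRST..PREFIX.LAST
proxy_arp_cmds() {
    mac=$(carp_vmac "$1") || return 1
    is_octet "$3" && is_octet "$4" || {
        echo "proxy_arp_cmds: host range must be 0..255" >&2
        return 1
    }
    prefix=$2 host=$3 last=$4
    while [ "$host" -le "$last" ]; do
        printf 'arp -s %s.%s %s pub\n' "$prefix" "$host" "$mac"
        host=$((host + 1))
    done
}

# Constructed sample: the vhid and address range used in the message.
proxy_arp_cmds 10 10.10.10 2 5
```

Because every published entry shares the one virtual MAC, the entries do not have to change on failover; only the box currently answering for that MAC changes.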