From owner-freebsd-hackers Wed Jan 24 7:16:44 2001
From: Andreas Brodmann
To: Dejvid Zaninovic
Cc: freebsd-hackers@freebsd.org
Message-ID: <3A6EF007.9F06DBF8@gmaare.migros.net>
Date: Wed, 24 Jan 2001 16:08:55 +0100
Subject: Re: IP Address Overtaking
References: <000e01c08615$ddda4b80$230aa8c0@newyork.mod>

> > just a suggestion: In production environments it is a must to also
> > take over the cluster partner's mac address. Something that
> > would make a nice plus to your script.
>
> I was thinking about that.... I don't see that this is a must in production
> environment because when you assign a new virtual address to the interface
> broadcast is done and all hosts that have that ip in the arp cache are
> updated. It is clearly stated in arp protocol that ip address can be moved
> from host to host, that is why arp spoofing works.

On normal internetworking hosts, without the necessity of high
availability, this works fine. Not all hosts do update or even flush
their arp cache with the same frequency though. Some have a cycle of
less than one minute; on routers, on the other hand, the default arp
cache timeout is a lot higher, which would force clients not in the
same subnet to wait until the router flushes its arp cache until they
can access your FreeBSD machine again. -> not ha compliant.

> The problem with mac address is that you can have only one per interface and
> I would like to have more virtual addresses per interface. If I wanted to
> have five ip addresses per host I would need to have five mac addresses at
> the same time on the same interface which is as far as I know not so
> possible, especially using only shell tools.

There is a way to solve this problem by having a second interface in
each cluster partner serving as standby interface. To this interface
you assign the mac of its partner's interface and all its interface's
ip addresses.

Just a hint: Have a look at scyld.com and Donald Becker's new Linux
driver architecture. Many new cards allow for using more than one mac
per card even without going into promiscuous mode. They can then be
assigned to different subinterfaces. I don't know whether the FreeBSD
drivers support this.

Anyway we still keep to the old fashioned way mentioned above, as the
new Linux network driver architecture is not yet as stable as it could
be, but once it is this would solve your problem.

Regards,
Andreas

--- switch
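
The stale-cache problem discussed in this message can be checked on a neighbouring host or router after a failover. The following is an added example, not part of the original message or of the script under discussion: it reads `arp -an` style output and reports entries that still map the virtual IP to a MAC other than the active node's. The function names, addresses (documentation ranges) and sample cache lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ARP cache entries that still point a virtual IP at the
# wrong MAC after an IP takeover. Input: `arp -an` style lines on stdin.

# norm_mac MAC: lower-case the MAC and zero-pad each octet, because some arp
# implementations print 0:a0:c9:... instead of 00:a0:c9:...
norm_mac() {
    printf '%s\n' "$1" | awk -F: '{
        out = ""
        for (i = 1; i <= NF; i++) {
            o = tolower($i)
            if (length(o) == 1) o = "0" o
            out = out (i > 1 ? ":" : "") o
        }
        print out
    }'
}

# stale_arp VIP ACTIVE_MAC: print "ip cached_mac" for each entry whose IP is
# VIP but whose MAC differs from ACTIVE_MAC. Returns 1 if any were found.
stale_arp() {
    vip=$1
    want=$(norm_mac "$2")
    found=0
    while read -r f1 ip f3 mac rest; do
        ip=${ip#\(}; ip=${ip%\)}
        [ "$ip" = "$vip" ] || continue
        case $mac in *:*) ;; *) continue ;; esac   # skip "(incomplete)"
        have=$(norm_mac "$mac")
        if [ "$have" != "$want" ]; then
            printf '%s %s\n' "$ip" "$have"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample cache: 192.0.2.10 is the virtual IP, still cached with
# the failed node's MAC (…:53:01) although the partner (…:53:02) now owns it.
sample_cache() {
    cat <<'EOF'
? (192.0.2.1) at 00:00:5e:00:53:fe on fxp0 [ethernet]
? (192.0.2.10) at 0:0:5e:0:53:1 on fxp0 [ethernet]
? (192.0.2.11) at (incomplete) on fxp0 [ethernet]
EOF
}

sample_cache | stale_arp 192.0.2.10 00:00:5e:00:53:02 || echo "stale entry found"
```

On a live system the input would come from `arp -an | stale_arp <virtual-ip> <active-mac>`; an empty result means the cache already agrees with the active node.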