FreeBSD Mail Archives

Date:      Wed, 08 Apr 2009 16:49:39 +0200
From:      Sebastiaan van Erk <sebster@sebster.com>
To:        freebsd-cluster@freebsd.org
Subject:   Re: CARP, openvpn in bridged mode, and ping
Message-ID:  <49DCB983.2070700@sebster.com>
In-Reply-To: <49DC7C96.2050203@sebster.com>
References:  <49DC7C96.2050203@sebster.com>

This is a cryptographically signed message in MIME format.

--------------ms030009050200030306040909
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi, just to explain further, ARP does not seem to work in the following 
situation:

client (tap0, 10.0.80.6) -> server (tap0 -> bridge0 -> em1, 10.0.80.77 
-> carp1, 10.0.80.1)

On the server I see on the em1 interface with tcpdump:

16:45:56.992297 00:bd:bf:f6:08:00 > ff:ff:ff:ff:ff:ff, ethertype ARP 
(0x0806), length 42: arp who-has 10.0.80.1 tell 10.0.80.6

but the server does not reply.

If the client is directly on the em1 interface (another machine which is 
directly on the LAN and not via the bridge), the server DOES reply:

16:46:47.502250 00:0c:29:e2:46:c8 > ff:ff:ff:ff:ff:ff, ethertype ARP 
(0x0806), length 60: arp who-has 10.0.80.1 tell 10.0.80.3
16:46:47.502283 00:0c:29:61:2a:55 > 00:0c:29:e2:46:c8, ethertype ARP 
(0x0806), length 42: arp reply 10.0.80.1 is-at 00:00:5e:00:01:02

Regards,
Sebastiaan

Sebastiaan van Erk wrote:
> Hi,
> 
> I have the following setup: two servers with a virtual LAN IP address 
> shared with CARP (the hosts are 10.0.80.77 and 10.0.80.76 and the 
> virtual IP address is 10.0.80.1).
> 
> When I ping the VIP from any host on the LAN, it works fine.
> 
> Next I have some openvpn clients (both 10.0.80.77 and 10.0.80.76 have 
> openvpn servers on their external IPs). The client IPs are on the LAN 
> using a bridge and are 10.0.80.150 (linux client) and 10.0.80.6 (freebsd 
> client).
> 
>  From linux I can ping the VIP (10.0.80.1) just fine, but when I do 
> arping I see (with tcpdump) that the the ARP requests are received by 
> the carp master on the tap0 device, but that it does not reply.
> 
>  From a FreeBSD VPN client I cannot ping the VIP (10.0.80.1), because it 
> does the ARP requests indefinitely and gets no answer.
> 
> Both machines ping to the other hosts on the LAN just fine (e.g., all of 
> them can ping 10.0.80.77 just fine).
> 
> Is there any way to get ARP to work (and thereby, ping to work) in this 
> configuration?
> 
> Regards,
> Sebastiaan
> 
> PS: the relevant ifconfig info is:
> 
> 10.0.80.77 (carp master and vpn server):
> em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 
> mtu 1500
>     options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
>     ether 00:0c:29:61:2a:55
>     inet 10.0.80.77 netmask 0xffffff00 broadcast 10.0.80.255
>     media: Ethernet autoselect (1000baseTX <full-duplex>)
>     status: active
> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 
> 1500
>     ether 12:d8:09:8d:1b:88
>     id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>     maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>     root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>     member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 9 priority 128 path cost 2000000
>     member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 2 priority 128 path cost 20000
> carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
>     inet 10.0.80.1 netmask 0xffffff00
>     carp: MASTER vhid 174 advbase 1 advskew 0
> tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 
> 0 mtu 1500
>     ether 00:bd:c0:02:00:00
>     Opened by PID 1199
> 
> 10.0.80.150 (the linux openvpn client):
> tap0      Link encap:Ethernet  HWaddr 46:c2:27:c9:36:e3
>           inet addr:10.0.80.150  Bcast:10.0.80.255  Mask:255.255.255.0
>           inet6 addr: fe80::44c2:27ff:fec9:36e3/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:34336 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:12951 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:11939564 (11.9 MB)  TX bytes:1191746 (1.1 MB)
> 
> 10.0.80.6 (the freebsd openvpn client):
> tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>     ether 00:bd:bf:f6:08:00
>     inet 10.0.80.6 netmask 0xffffff00 broadcast 10.0.80.255
>     Opened by PID 71953
> 
> 

--------------ms030009050200030306040909
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJUTCC
AwMwggJsoAMCAQICEFN8DarMNuuKJDEtfs0UaqUwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE
BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA4MDYzMDEzNTE1N1oX
DTA5MDYzMDEzNTE1N1owaDEQMA4GA1UEBBMHdmFuIEVyazETMBEGA1UEKhMKU2ViYXN0aWFh
bjEbMBkGA1UEAxMSU2ViYXN0aWFhbiB2YW4gRXJrMSIwIAYJKoZIhvcNAQkBFhNzZWJzdGVy
QHNlYnN0ZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJDDAeYHVmH/
GVxi+bhFx27dmg++9BdhPJfk8k041sqEqq7oXnR2GT54quY3Ac7A1BuOM2JvoICraGmjud4y
b3EanRnqGIK6iH+VAhhTlV/Owrb2Qm1e13DLxwLp1SocSQl4IrEbF9Y5H3ASdIrE0iFqkpju
nPiiHeNhz3LaI5ipjiluKYoH+F6gPx8njHoaDxPePCkSLg4r0IA0afLM74LVZxCRBZEfyRZS
J6VVUJefKlz91dWSzR/3xSw/rO4u9Ds/Zh7VBUKy3K+YFryHxRpUek0gSepE1b70Q39L9Sqd
M/NZqMvFpwrqgW2Zh2Nh8nqRge90maR4ypBzz3GzLwIDAQABozAwLjAeBgNVHREEFzAVgRNz
ZWJzdGVyQHNlYnN0ZXIuY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAS1Sk
NMgDVzb0ktO9tPPacV0KdKhTYOHcICVmuDEe2sFHOkjLAI1iAKp640pqJEVqvRnfRcCFJ9hK
koPjjVZ+ui2rVmJWBG6FSloLRS/YYED4tUAw6DQhK61UOpjkpQxjCdm+5bHG/2ZgJAda1j0x
uiN822+xFkcaW/5PQgxSRxcwggMDMIICbKADAgECAhBTfA2qzDbriiQxLX7NFGqlMA0GCSqG
SIb3DQEBBQUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAo
UHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBD
QTAeFw0wODA2MzAxMzUxNTdaFw0wOTA2MzAxMzUxNTdaMGgxEDAOBgNVBAQTB3ZhbiBFcmsx
EzARBgNVBCoTClNlYmFzdGlhYW4xGzAZBgNVBAMTElNlYmFzdGlhYW4gdmFuIEVyazEiMCAG
CSqGSIb3DQEJARYTc2Vic3RlckBzZWJzdGVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALCQwwHmB1Zh/xlcYvm4Rcdu3ZoPvvQXYTyX5PJNONbKhKqu6F50dhk+eKrm
NwHOwNQbjjNib6CAq2hpo7neMm9xGp0Z6hiCuoh/lQIYU5VfzsK29kJtXtdwy8cC6dUqHEkJ
eCKxGxfWOR9wEnSKxNIhapKY7pz4oh3jYc9y2iOYqY4pbimKB/heoD8fJ4x6Gg8T3jwpEi4O
K9CANGnyzO+C1WcQkQWRH8kWUielVVCXnypc/dXVks0f98UsP6zuLvQ7P2Ye1QVCstyvmBa8
h8UaVHpNIEnqRNW+9EN/S/UqnTPzWajLxacK6oFtmYdjYfJ6kYHvdJmkeMqQc89xsy8CAwEA
AaMwMC4wHgYDVR0RBBcwFYETc2Vic3RlckBzZWJzdGVyLmNvbTAMBgNVHRMBAf8EAjAAMA0G
CSqGSIb3DQEBBQUAA4GBAEtUpDTIA1c29JLTvbTz2nFdCnSoU2Dh3CAlZrgxHtrBRzpIywCN
YgCqeuNKaiRFar0Z30XAhSfYSpKD441Wfrotq1ZiVgRuhUpaC0Uv2GBA+LVAMOg0ISutVDqY
5KUMYwnZvuWxxv9mYCQHWtY9MbojfNtvsRZHGlv+T0IMUkcXMIIDPzCCAqigAwIBAgIBDTAN
BgkqhkiG9w0BAQUFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTES
MBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0
aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMC
WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1Ro
YXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAK
MNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTX
p6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYB
Af8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBl
cnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYD
VQQDExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2as
Zw9/r6y+whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSe
JVCUYsfbJ3FXJY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHT
HUb/XV9lTzGCA3EwggNtAgEBMHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD
b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp
bCBJc3N1aW5nIENBAhBTfA2qzDbriiQxLX7NFGqlMAkGBSsOAwIaBQCgggHQMBgGCSqGSIb3
DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA5MDQwODE0NDkzOVowIwYJKoZI
hvcNAQkEMRYEFILD+1yUl5IKYh8H3BIrdm7ogyXgMF8GCSqGSIb3DQEJDzFSMFAwCwYJYIZI
AWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUr
DgMCBzANBggqhkiG9w0DAgIBKDCBhQYJKwYBBAGCNxAEMXgwdjBiMQswCQYDVQQGEwJaQTEl
MCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3Rl
IFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEFN8DarMNuuKJDEtfs0UaqUwgYcGCyqG
SIb3DQEJEAILMXigdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRp
bmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vp
bmcgQ0ECEFN8DarMNuuKJDEtfs0UaqUwDQYJKoZIhvcNAQEBBQAEggEAIiLluJkk5vKErNYM
q/AuqhQBw8q85oFYdwbDySCTTx6l3I2KLOBMAONatuYh6QnGXJKjaF3fEzHy0UeKJkTdDhEm
kRueLW3rvmmWrgrhgKGNx07cZcBv+oWmTUpoYSoh9ee5hItQ4qMtZZZHFBWePjm88tJs5n7g
6wUH6vQHmgVz8cUoZY8sCLhWbqpqF99r4KJrfcuScvTKelc42yCtF6NXOkzhtRKc9f62lgqF
9lFG08uL3Z41XIKwks8zqpRyH9LwHWHuklHpVuwzQ8tEdCKHmaMZYvktBNmoRcU0D39TFBr/
PaYtWigc9+svzFdWTGdikEZ4FVyJlGeTIKfaBgAAAAAAAA==
--------------ms030009050200030306040909--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49DCB983.2070700>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation