Date:      Wed, 08 Apr 2009 16:49:39 +0200
From:      Sebastiaan van Erk <sebster@sebster.com>
To:        freebsd-cluster@freebsd.org
Subject:   Re: CARP, openvpn in bridged mode, and ping
Message-ID:  <49DCB983.2070700@sebster.com>
In-Reply-To: <49DC7C96.2050203@sebster.com>

Hi, just to explain further, ARP does not seem to work in the following 
situation:

client (tap0, 10.0.80.6) -> server (tap0 -> bridge0 -> em1, 10.0.80.77 
-> carp1, 10.0.80.1)

On the server I see on the em1 interface with tcpdump:

16:45:56.992297 00:bd:bf:f6:08:00 > ff:ff:ff:ff:ff:ff, ethertype ARP 
(0x0806), length 42: arp who-has 10.0.80.1 tell 10.0.80.6

but the server does not reply.

If the client is directly on the em1 interface (another machine which is 
directly on the LAN and not via the bridge), the server DOES reply:

16:46:47.502250 00:0c:29:e2:46:c8 > ff:ff:ff:ff:ff:ff, ethertype ARP 
(0x0806), length 60: arp who-has 10.0.80.1 tell 10.0.80.3
16:46:47.502283 00:0c:29:61:2a:55 > 00:0c:29:e2:46:c8, ethertype ARP 
(0x0806), length 42: arp reply 10.0.80.1 is-at 00:00:5e:00:01:02

Regards,
Sebastiaan

Sebastiaan van Erk wrote:
> Hi,
> 
> I have the following setup: two servers with a virtual LAN IP address 
> shared with CARP (the hosts are 10.0.80.77 and 10.0.80.76 and the 
> virtual IP address is 10.0.80.1).
> 
> When I ping the VIP from any host on the LAN, it works fine.
> 
> Next I have some openvpn clients (both 10.0.80.77 and 10.0.80.76 have 
> openvpn servers on their external IPs). The client IPs are on the LAN 
> using a bridge and are 10.0.80.150 (linux client) and 10.0.80.6 (freebsd 
> client).
> 
> From linux I can ping the VIP (10.0.80.1) just fine, but when I do 
> arping I see (with tcpdump) that the ARP requests are received by 
> the carp master on the tap0 device, but that it does not reply.
> 
> From a FreeBSD VPN client I cannot ping the VIP (10.0.80.1), because it 
> does the ARP requests indefinitely and gets no answer.
> 
> Both machines ping to the other hosts on the LAN just fine (e.g., all of 
> them can ping 10.0.80.77 just fine).
> 
> Is there any way to get ARP to work (and thereby, ping to work) in this 
> configuration?
> 
> Regards,
> Sebastiaan
> 
> PS: the relevant ifconfig info is:
> 
> 10.0.80.77 (carp master and vpn server):
> em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 
> mtu 1500
>     options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
>     ether 00:0c:29:61:2a:55
>     inet 10.0.80.77 netmask 0xffffff00 broadcast 10.0.80.255
>     media: Ethernet autoselect (1000baseTX <full-duplex>)
>     status: active
> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 
> 1500
>     ether 12:d8:09:8d:1b:88
>     id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>     maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>     root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>     member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 9 priority 128 path cost 2000000
>     member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>             ifmaxaddr 0 port 2 priority 128 path cost 20000
> carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
>     inet 10.0.80.1 netmask 0xffffff00
>     carp: MASTER vhid 174 advbase 1 advskew 0
> tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 
> 0 mtu 1500
>     ether 00:bd:c0:02:00:00
>     Opened by PID 1199
> 
> 10.0.80.150 (the linux openvpn client):
> tap0      Link encap:Ethernet  HWaddr 46:c2:27:c9:36:e3
>           inet addr:10.0.80.150  Bcast:10.0.80.255  Mask:255.255.255.0
>           inet6 addr: fe80::44c2:27ff:fec9:36e3/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:34336 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:12951 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:11939564 (11.9 MB)  TX bytes:1191746 (1.1 MB)
> 
> 10.0.80.6 (the freebsd openvpn client):
> tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>     ether 00:bd:bf:f6:08:00
>     inet 10.0.80.6 netmask 0xffffff00 broadcast 10.0.80.255
>     Opened by PID 71953
> 
> 
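
An added example, not part of the original message: a Python script that pairs ARP who-has requests with replies in `tcpdump -e` output and lists the requests that never got an answer. The input is the capture quoted above, re-joined onto single lines; the function name and the one-second reply window are assumptions.

```python
import re
from datetime import datetime, timedelta

# The tcpdump -e lines quoted in the message, re-joined onto single lines.
CAPTURE = """\
16:45:56.992297 00:bd:bf:f6:08:00 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 10.0.80.1 tell 10.0.80.6
16:46:47.502250 00:0c:29:e2:46:c8 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.0.80.1 tell 10.0.80.3
16:46:47.502283 00:0c:29:61:2a:55 > 00:0c:29:e2:46:c8, ethertype ARP (0x0806), length 42: arp reply 10.0.80.1 is-at 00:00:5e:00:01:02
"""

MAC = r"[0-9a-f:]{17}"
LINE = re.compile(
    rf"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>{MAC}) > (?P<dst>{MAC}), "
    r"ethertype ARP \(0x0806\), length \d+: "
    r"(?:(?:arp |Request )?who-has (?P<target>[\d.]+) tell (?P<asker>[\d.]+)"
    rf"|(?:arp )?reply (?P<ip>[\d.]+) is-at (?P<mac>{MAC}))",
    re.IGNORECASE,
)


def unanswered_arp(capture, wait=timedelta(seconds=1)):
    """Return (asker_ip, asker_mac, target_ip) for each request with no reply.

    A reply counts when it is sent to the asker's MAC, resolves the requested
    IP and arrives within `wait`. Captures spanning midnight are not handled.
    """
    pending = []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an ARP line in the expected -e format
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        if m["target"]:
            pending.append({"ts": ts, "mac": m["src"].lower(),
                            "ip": m["asker"], "target": m["target"]})
            continue
        for req in pending:
            delay = ts - req["ts"]
            if (req["mac"] == m["dst"].lower() and req["target"] == m["ip"]
                    and timedelta(0) <= delay <= wait):
                req["answered_by"] = m["mac"].lower()
    return [(r["ip"], r["mac"], r["target"])
            for r in pending if "answered_by" not in r]


if __name__ == "__main__":
    for ip, mac, target in unanswered_arp(CAPTURE):
        print(f"no ARP reply for {target} asked by {ip} ({mac})")
```
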


Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49DCB983.2070700>