Date: Wed, 29 Apr 2009 21:43:45 +0300
From: Nikos Vassiliadis <nvass@freemail.gr>
To: Sebastiaan van Erk <sebster@sebster.com>, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Subject: Re: CARP & bridge
Message-ID: <49F89FE1.6070807@freemail.gr>
In-Reply-To: <49F8269E.2010201@sebster.com>
References: <49F81FF2.3040302@sebster.com> <1240999037.2645.3.camel@frodon.be-bif.ulb.ac.be> <49F8269E.2010201@sebster.com>

Sebastiaan van Erk wrote:
> Hi,
>
> Julien Cigar wrote:
>> On Wed, 2009-04-29 at 11:37 +0200, Sebastiaan van Erk wrote:
>>> Hi,
>>>
>>> I have a bridged OpenVPN setup where the OpenVPN tap0 driver is
>>> bridged (via bridge0) to the physical em1 interface, which has a VIP
>>> via a carp1 interface:
>>>
>>> em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
>>> metric 0 mtu 1500
>>>         options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
>>>         ether 00:0c:29:61:2a:55
>>>         inet 10.0.80.77 netmask 0xffffff00 broadcast 10.0.80.255
>>>         media: Ethernet autoselect (1000baseTX <full-duplex>)
>>>         status: active
>>> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0
>>> mtu 1500
>>>         ether 9a:6a:9f:b2:65:da
>>>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>>         maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>>>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>>         member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>>                 ifmaxaddr 0 port 11 priority 128 path cost 2000000
>>>         member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>>                 ifmaxaddr 0 port 2 priority 128 path cost 20000
>>> tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
>>> metric 0 mtu 1500
>>>         ether 00:bd:48:03:00:00
>>>         Opened by PID 24616
>>> carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
>>>         inet 10.0.80.74 netmask 0xffffff00
>>>         carp: MASTER vhid 2 advbase 1 advskew 0
>>>
>>>
>>> The problem I have is that when I ping the VIP from a VPN client (on
>>> tap0), the server receives arp requests for the VIP on tap0, but it
>>> does not respond to them:
>>>
>>> # tcpdump -i tap0 -ln
>>> 11:29:13.637048 arp who-has 10.0.80.74 tell 10.0.80.6
>>>
>>> Is there any way to get the server to respond to arp requests on tap0
>>> for the VIP?
>>>
>>
>> Maybe you've to do ARP Proxy on one side? Try to add an ARP entry in
>> the ARP table with arp (arp -s 1.2.3.4 MAC foo) ..
>
> Thanks for the suggestion.
>
> Ok, static arp works: that is, if I take the carp1 mac address and add
> it to the arp table using:
>
> arp -s 10.0.80.74 00:00:5e:00:01:02 pub
>
> The ping starts to work. I'm still a bit confused why I have to do this
> though, because I can ping the non-shared IP 10.0.80.77 from the VPN
> client (via tap0) without any static arp, and I can ping the shared VIP
> (10.0.80.74) from clients on the physical network (em1) as well without
> any static arp. It's only when the ping has to cross the bridge that
> it's an issue.

Does it make any difference if you set the IP address on the
bridge0 iface and not on the physical one? I recall that the
recommended setup is to use IP addresses on the bridge interface
and leave the members of the bridge IPless.

Nikos
