Subject: Re: CARP Committed (correctly presented)
To: None <>
From: John R. Shannon <>
List: current-users
Date: 05/19/2006 12:57:02
David Young wrote:
> On Thu, May 18, 2006 at 10:18:45AM -0600, Herb Peyerl wrote:
>> On 18-May-06, at 10:12 AM, Jeff Rizzo wrote:
>>> I'm not familiar with keepalived, but what CARP does is to present a
> >>> separate floating MAC address common to all the redundant interfaces to
>>> the upstream, so failover occurs as soon as the carp-implementing
>>> interfaces decide amongst themselves that it should.
>> That seems like it would have the same problem then.  The upstream  
>> switch will still have associated the virtual mac address with a  
>> physical port and the only way it will know the mac address has moved  
>> to a different physical port is to wait for some sort of traffic from  
>> the new master.  Though I'm just talking out of my posterior orifice  
>> at this point... Maybe this works better in practice.
> In general, it doesn't sound to me like it should work.  I figure it
> works 9 times out of 10 by chance: some packet just happens to update the
> switch's forwarding table in enough time that you don't notice a hiccup.
> hostapd sends a "802.2 Type 1 LLC XID Update" to update a switch's
> forwarding table when a wireless client moves from one AP to another.
> See src/dist/hostapd/iapp.c.  I believe CARP should send the same type
> of update.
> Dave

If you consider that it's primarily seen by firewalls, and that 
firewalls pass outgoing packets frequently, the firewalls' gateway should 
update its ARP table in short order.

John R. Shannon, CISSP
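
Added example (not part of this thread, and not code from hostapd or CARP): a sketch of the kind of "802.2 Type 1 LLC XID" broadcast discussed above, sent with the moved MAC as source so that switches relearn its port. The function name, the null SAPs, the zero receive window and the sample virtual MAC are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN      6
#define L2_UPDATE_LEN 20  /* 14-byte 802.3 header + 6-byte LLC XID PDU */

/* Build a broadcast LLC XID frame whose source is the MAC that has moved.
 * Returns the frame length, or 0 if the buffer is too small or the address
 * is one a switch would never learn (group bit set, or all zero).
 * The NIC or driver pads the frame to the Ethernet minimum on transmit. */
size_t build_l2_update(const uint8_t src[ETH_ALEN], uint8_t *buf, size_t buflen)
{
    static const uint8_t zero[ETH_ALEN] = {0};

    if (src == NULL || buf == NULL || buflen < L2_UPDATE_LEN)
        return 0;
    if ((src[0] & 0x01) || memcmp(src, zero, ETH_ALEN) == 0)
        return 0;

    memset(buf, 0xff, ETH_ALEN);     /* destination: broadcast, floods all ports */
    memcpy(buf + 6, src, ETH_ALEN);  /* source: the address switches must relearn */
    buf[12] = 0x00;                  /* 802.3 length field, big-endian: */
    buf[13] = 0x06;                  /*   6 bytes of LLC follow */
    buf[14] = 0x00;                  /* DSAP: null SAP (assumption) */
    buf[15] = 0x00;                  /* SSAP: null SAP (assumption) */
    buf[16] = 0xaf;                  /* control: XID, poll/final bit clear */
    buf[17] = 0x81;                  /* XID format identifier: IEEE basic format */
    buf[18] = 0x01;                  /* LLC types/classes: Type 1 */
    buf[19] = 0x00;                  /* receive window, unused by Type 1 (assumption) */
    return L2_UPDATE_LEN;
}

int main(void)
{
    /* Constructed sample address in the 00:00:5e:00:01:xx virtual-router range. */
    const uint8_t vmac[ETH_ALEN] = {0x00, 0x00, 0x5e, 0x00, 0x01, 0x01};
    uint8_t frame[64];
    size_t n = build_l2_update(vmac, frame, sizeof frame);

    for (size_t i = 0; i < n; i++)
        printf("%02x%s", frame[i], i + 1 < n ? " " : "\n");
    return n == L2_UPDATE_LEN ? 0 : 1;
}
```

The new master would transmit this frame on the shared segment immediately after taking over, rather than waiting for ordinary traffic to refresh the forwarding table.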