NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/48945: CARP preempt is not working



The following reply was made to PR kern/48945; it has been noted by GNATS.

From: HEO SeonMeyong <netbsd%seirios.org@localhost>
To: gnats-bugs%NetBSD.org@localhost, bouyer%antioche.eu.org@localhost
Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
 netbsd-bugs%netbsd.org@localhost, netbsd%seirios.org@localhost
Subject: Re: kern/48945: CARP preempt is not working
Date: Wed, 25 Jun 2014 12:16:40 +0900 (JST)

        Hi bouyer.
        Thank you very much for your review.
 
 bouyer>  No, I think it's correct. Preemption does indeed work (I have a 
similiar setup,
 bouyer>  but with ~30 interfaces) and the backup router does take the traffic
 bouyer>  if one of the master's interface goes down.
 bouyer>  rt-A's carp1 is still master because the CARP protocol says it should
 bouyer>  still be master (carp0 would remain master too if you disconnected the
 bouyer>  interface from the brdige in dom0 instead of taking it down). preemp
 bouyer>  only force backup->master transition but not the other way round
 
        I understand. I thought that CARP watchs CARP state and Interface
        state. but you sey CARP watches tied Interface state and not CARP
        I/F state.
 
 bouyer>  (that would be dangerous, you could end up with all interfaces in 
backup state
 bouyer>  on both routers).
 
        Followings are maybe off topic, sorry.
 
        I want to this works. I wrote rt-A/rt-B is a router, but in my real
        environment, rt-A and rt-B is router with Firewall(pf) and
        IDS(snort).
        So if rt-A and rt-B is asynmetric, pf and snort works limited
        because (for ex) Incomming traffic is pass through rt-A and outgoing
        traffic is pass through rt-B.
        I think(or hope) pfsync is avoidance of this limitation, but snort
        has no avoidance method.
 
        I thought it is very few situation that Physical I/F is up and carp
        I/F is down. But Operator can down CARP I/F, so I want force
        preemption method.
 
        Anyway, thank you very much for your review, again.
 
 HEO
 


Home | Main Index | Thread Index | Old Index