NetBSD-Bugs archive


Re: kern/48945: CARP preempt is not working

        Hi bouyer.
        Thank you very much for your reply, and sorry for the late reply.

bouyer> >  bouyer>  (that would be dangerous, you could end up with all interfaces in backup state
bouyer> >  bouyer>  on both routers).
bouyer> >  
bouyer> >       The following may be off topic, sorry.
bouyer> >  
bouyer> >       I want this to work. I wrote that rt-A/rt-B is a router, but in my 
bouyer> >       environment, rt-A and rt-B are routers with firewall (pf) and
bouyer> >       IDS (snort).
bouyer> >       So if rt-A and rt-B are asymmetric, pf and snort work only in a
bouyer> >       limited way because (for ex.) incoming traffic passes through rt-A and 
bouyer> >       traffic passes through rt-B.
bouyer> this is what I don't get; why would traffic go to rt-B if rt-A is up ?
bouyer> And if rt-A is down, traffic won't go to it (there may be some time 
bouyer> the traffic switches from A to B while the switch's commutation table is
bouyer> updated).
bouyer> I have a setup similar to yours, and AFAIK if an interface on rt-A goes
bouyer> down, all traffic is redirected to rt-B.

        I found the following scenario.

        0. Topology

                carp0        carp1
               xennet0      xennet1
                  +--- rt-A ---+
        Term-A ---+            +--- Term-B
                  +--- rt-B ---+

        Term-A: default route is's Addr)
        carp0 :
        rt-A  : xennet0:
        rt-B  : xennet0:

        Term-B: default route is's Addr)
        carp0 :
        rt-A  : xennet1:
        rt-B  : xennet1:

        1. rt-A's carp0: advskew 100, tied to xennet0 -> MASTER has
                  carp1: advskew 100, tied to xennet1 -> MASTER has
           rt-B's carp0: advskew 150, tied to xennet0 -> BACKUP
                  carp1: advskew 150, tied to xennet1 -> BACKUP

        2. I did the following on rt-A:
           ifconfig carp0 down
           Then the state is as follows:
           rt-A's carp0: down -> BACKUP
                  carp1: up   -> MASTER : has
           rt-B's carp0: up   -> MASTER : has
                  carp1: up   -> BACKUP

        3. Ping from Term-A to Term-B
           for go:  Term-A -> rt-B's carp0 -> rt-B's xennet1 -> Term-B
           go back: Term-B -> rt-A's carp1 -> rt-A's xennet0 -> Term-A
           This is because rt-A's carp0 is down but carp1 is up.

        Of course this is the worst case, because it is a rare case that xennet0
        has no trouble but carp0 is down.
        As you say, if an interface on rt-A goes down, all traffic is
        redirected to rt-B, because if the physical interface (or the interface
        which is tied to the carp interface) is down, preempting works.

        "Now" I think I worried too much about my scenario, but it could
        happen.

        Thanks again.
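
The scenario in steps 1-3 above, as an added example that is not part of the original message: a small Python model that takes a snapshot of per-router CARP states, derives the forward and return path between Term-A and Term-B, and flags the split-state condition that sends each direction through a different pf/snort instance. The function names and the state snapshots are constructed for illustration; in practice the states would be collected from each router.

```python
# Added illustration; snapshots below are constructed from steps 1 and 2.
MASTER, BACKUP = "MASTER", "BACKUP"

def master_of(states, carp_if):
    """Return the one router that is MASTER for carp_if, else raise."""
    masters = [rt for rt, ifs in states.items() if ifs[carp_if] == MASTER]
    if len(masters) != 1:
        # Covers "all interfaces in backup state on both routers" and
        # dual-MASTER as well: either way the segment has no sane owner.
        raise ValueError(f"{carp_if}: expected one MASTER, got {masters}")
    return masters[0]

def paths(states, near="carp0", far="carp1"):
    """(router for Term-A -> Term-B, router for Term-B -> Term-A).

    Term-A sends to the carp0 address, Term-B to the carp1 address, so
    each direction is forwarded by whichever router is MASTER there.
    """
    return master_of(states, near), master_of(states, far)

def is_asymmetric(states):
    """True when the two directions cross different routers."""
    forward, back = paths(states)
    return forward != back

def split_routers(states):
    """Routers that are MASTER on some carp interfaces but not on all."""
    return sorted(rt for rt, ifs in states.items()
                  if len(set(ifs.values())) > 1)

STEP1 = {  # normal operation
    "rt-A": {"carp0": MASTER, "carp1": MASTER},
    "rt-B": {"carp0": BACKUP, "carp1": BACKUP},
}
STEP2 = {  # after "ifconfig carp0 down" on rt-A
    "rt-A": {"carp0": BACKUP, "carp1": MASTER},
    "rt-B": {"carp0": MASTER, "carp1": BACKUP},
}

if __name__ == "__main__":
    for name, snap in (("step 1", STEP1), ("step 2", STEP2)):
        print(name, paths(snap), "asymmetric:", is_asymmetric(snap),
              "split:", split_routers(snap))
```

A monitor built on `split_routers` can alert as soon as a router holds mixed states, before stateful filtering starts dropping the return half of connections.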

