Subject: Re: CARP Committed (correctly presented)
To: None <current-users@NetBSD.org>
From: John R. Shannon <john@johnrshannon.com>
List: current-users
Date: 05/19/2006 12:57:02
David Young wrote:
> On Thu, May 18, 2006 at 10:18:45AM -0600, Herb Peyerl wrote:
>> On 18-May-06, at 10:12 AM, Jeff Rizzo wrote:
>>> I'm not familiar with keepalived, but what CARP does is to present a
>>> separate floating MAC address common to all the redundant interfaces to
>>> the upstream, so failover occurs as soon as the carp-implementing
>>> interfaces decide amongst themselves that it should.
>> That seems like it would have the same problem then.  The upstream
>> switch will still have associated the virtual mac address with a
>> physical port and the only way it will know the mac address has moved
>> to a different physical port is to wait for some sort of traffic from
>> the new master.  Though I'm just talking out of my posterior orifice
>> at this point... Maybe this works better in practice.
> 
> In general, it doesn't sound to me like it should work.  I figure it
> works 9 times out of 10 by chance: some packet just happens to update the
> switch's forwarding table in enough time that you don't notice a hiccup.
> 
> hostapd sends a "802.2 Type 1 LLC XID Update" to update a switch's
> forwarding table when a wireless client moves from one AP to another.
> See src/dist/hostapd/iapp.c.  I believe CARP should send the same type
> of update.
> 
> Dave
> 
If you consider that it's primarily seen by firewalls, and that
firewalls pass outgoing packets frequently, the firewall's gateway should
update its ARP table in short order.

-- 
John R. Shannon, CISSP
john@johnrshannon.com
jshannon@dsci-usa.com
john.r.shannon@us.army.mil
shannonjr@NetBSD.org
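Added example, not from this thread or from the hostapd or NetBSD sources: a small Python builder and parser for the "802.2 Type 1 LLC XID Update" frame David refers to, with the byte layout assumed to match the struct in hostapd's iapp.c (broadcast destination, station MAC as source, 802.3 length 6, then LLC DSAP/SSAP/control and a 3-byte XID info field). The parser side is what a monitoring box on a mirrored port would use to log which MAC is being announced as moved, so that unexpected announcements can be noticed.

```python
import struct

BROADCAST = b"\xff" * 6
# LLC header + XID info as hostapd's iapp.c fills them in (assumed layout):
#   DSAP 0x00 (null), SSAP 0x01 (null, C/R bit = response),
#   control 0xAF (XID response, F bit clear),
#   XID info: 0x81 (format id), 0x01 (Type 1 LLC), 0x02 (receive window)
LLC_XID_UPDATE = bytes([0x00, 0x01, 0xAF, 0x81, 0x01, 0x02])


def build_l2_update(sta_mac: bytes) -> bytes:
    """Build the Layer-2 update frame for the MAC that has moved.

    Switches learn source MACs from any received frame, so a broadcast
    with the moved MAC as its source repoints their forwarding tables.
    """
    if len(sta_mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    length = struct.pack("!H", len(LLC_XID_UPDATE))   # 802.3 length field
    return BROADCAST + sta_mac + length + LLC_XID_UPDATE


def parse_l2_update(frame: bytes):
    """Return the announced MAC (6 bytes) if frame is an L2 update, else None.

    Tolerates trailing padding (real frames are padded to 60 bytes) by
    slicing the LLC part with the 802.3 length field rather than len(frame).
    """
    if len(frame) < 20:
        return None
    dst, src = frame[:6], frame[6:12]
    (length,) = struct.unpack("!H", frame[12:14])
    llc = frame[14:14 + length]
    if dst != BROADCAST or length != 6 or len(llc) != 6:
        return None
    # DSAP/SSAP/control and XID format/type must match; the receive window
    # byte is implementation-specific, so it is not checked.
    if llc[:5] != LLC_XID_UPDATE[:5]:
        return None
    return src


def mac_str(mac: bytes) -> str:
    """Format a 6-byte MAC as colon-separated hex for log lines."""
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # Constructed sample: a CARP-style virtual MAC (00:00:5e:00:01:01).
    vmac = bytes.fromhex("00005e000101")
    frame = build_l2_update(vmac)
    print("L2 update announces", mac_str(parse_l2_update(frame)))
```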