NetBSD-Bugs archive
Re: kern/48945: CARP preempt is not working
Hi bouyer.
Thank you very much for your reply, and sorry for the late reply.
bouyer> > bouyer> (that would be dangerous, you could end up with all
bouyer> > bouyer> interfaces in backup state on both routers).
bouyer> >
bouyer> > The following is maybe off topic, sorry.
bouyer> >
bouyer> > I want this to work. I wrote that rt-A/rt-B are routers, but in my
bouyer> > real environment, rt-A and rt-B are routers with a firewall (pf)
bouyer> > and IDS (snort).
bouyer> > So if rt-A and rt-B are asymmetric, pf and snort work only in a
bouyer> > limited way, because (for example) incoming traffic passes through
bouyer> > rt-A and outgoing traffic passes through rt-B.
bouyer>
bouyer> this is what I don't get; why would traffic go to rt-B if rt-A is up ?
bouyer> And if rt-A is down, traffic won't go to it (there may be some time
bouyer> before the traffic switches from A to B while the switch's commutation
bouyer> table is updated).
bouyer> I have a setup similar to yours, and AFAIK if an interface on rt-A goes
bouyer> down, all traffic is redirected to rt-B.
I found the following scenario.
0. Topology

             carp0          carp1
             xennet0        xennet1
             +---- rt-A ----+
   Term-A ---+              +--- Term-B
             +---- rt-B ----+

   Term-A: 10.0.0.10/24 default route is 10.0.0.1 (carp0's Addr)
     carp0 : 10.0.0.1/24
     rt-A  : xennet0: 10.0.0.2/24
     rt-B  : xennet0: 10.0.0.3/24
   Term-B: 10.1.1.10/24 default route is 10.1.1.1 (carp1's Addr)
     carp0 : 10.1.1.1/24
     rt-A  : xennet1: 10.1.1.2/24
     rt-B  : xennet1: 10.1.1.3/24

1. rt-A's carp0: advskew 100, tied to xennet0 -> MASTER has 10.0.0.1
          carp1: advskew 100, tied to xennet1 -> MASTER has 10.1.1.1
   rt-B's carp0: advskew 150, tied to xennet0 -> BACKUP
          carp1: advskew 150, tied to xennet1 -> BACKUP
2. I did the following on rt-A:
     ifconfig carp0 down
   Then the state is as follows:
   rt-A's carp0: down -> BACKUP
          carp1: up -> MASTER : has 10.0.0.1
   rt-B's carp0: up -> MASTER : has 10.1.1.1
          carp1: up -> BACKUP
3. Ping from Term-A to Term-B
   going:      Term-A -> rt-B's carp0 -> rt-B's xennet1 -> Term-B
   going back: Term-B -> rt-A's carp1 -> rt-A's xennet0 -> Term-A

This is because rt-A's carp0 is down but carp1 is up.
Of course this is the worst case, because it is a rare case that xennet0
has no trouble but carp0 is down.
As you say, if an interface on rt-A goes down, all traffic is
redirected to rt-B, because if the physical interface (or the interface
which is tied to the carp interface) is down, preempting works.
"Now" I think I worried too much about my scenario, but it will be able
to happen.
Thanks again.
HEO
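
The split state from step 2 of the message above (one carp interface down, the other still MASTER on the same router) can be checked from ifconfig output. This is an added example, not part of the original message or of NetBSD; the ifconfig output layout in the sample is an assumption, and the sample text and vhid values are constructed.

```shell
#!/bin/sh
# Added example. Real use on a router: ifconfig -a | carp_split

# Print "ifname state" for every carp interface found in ifconfig-style text
# on stdin. An interface without UP in its flag list is reported as DOWN.
carp_states() {
    awk '
        /^carp[0-9]+:/ {
            ifname = $1; sub(/:$/, "", ifname)
            up[ifname] = ($0 ~ /[<,]UP[,>]/)
            next
        }
        /^[^ \t]/ { ifname = "" }          # header of a non-carp interface
        ifname != "" && $1 == "carp:" {
            print ifname, (up[ifname] ? $2 : "DOWN")
        }
    '
}

# Return 0 and list the interfaces per state when this host holds a mix of
# CARP states (MASTER on one segment, not on another); return 1 otherwise.
carp_split() {
    carp_states | awk '
        { if (!($2 in seen)) n++; seen[$2] = seen[$2] " " $1 }
        END {
            if (n > 1) { for (s in seen) print s ":" seen[s]; exit 0 }
            exit 1
        }
    '
}

# Constructed sample: rt-A after "ifconfig carp0 down" (step 2 above).
# Output layout and vhid values are assumptions, not captured output.
sample_rt_a() {
    cat <<'EOF'
carp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        carp: BACKUP carpdev xennet0 vhid 1 advbase 1 advskew 100
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        carp: MASTER carpdev xennet1 vhid 2 advbase 1 advskew 100
        inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
EOF
}

if sample_rt_a | carp_split; then
    echo "WARNING: mixed CARP states; pf/snort may see only one direction"
fi
```

Run from cron or a monitoring agent on each router, a zero exit status flags the condition in which pf and snort each see only one direction of a flow.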