Re: kern/48945: CARP preempt is not working

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,netbsd%seirios.org@localhost
Subject: Re: kern/48945: CARP preempt is not working
From: HEO SeonMeyong <netbsd%seirios.org@localhost>
Date: Fri, 4 Jul 2014 08:50:01 +0000 (UTC)

The following reply was made to PR kern/48945; it has been noted by GNATS.

From: HEO SeonMeyong <netbsd%seirios.org@localhost>
To: bouyer%antioche.eu.org@localhost
Cc: gnats-bugs%NetBSD.org@localhost, kern-bug-people%NetBSD.org@localhost,
 gnats-admin%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost, 
netbsd%seirios.org@localhost
Subject: Re: kern/48945: CARP preempt is not working
Date: Fri, 04 Jul 2014 17:27:07 +0900 (JST)

        Hi bouyer.
        I'm very thanks for your reply, and sorry for late reply.

 bouyer> >  bouyer>  (that would be dangerous, you could end up with all 
interfaces in backup state
 bouyer> >  bouyer>  on both routers).
 bouyer> >  
 bouyer> >      Followings are maybe off topic, sorry.
 bouyer> >  
 bouyer> >      I want to this works. I wrote rt-A/rt-B is a router, but in my 
real
 bouyer> >      environment, rt-A and rt-B is router with Firewall(pf) and
 bouyer> >      IDS(snort).
 bouyer> >      So if rt-A and rt-B is asynmetric, pf and snort works limited
 bouyer> >      because (for ex) Incomming traffic is pass through rt-A and 
outgoing
 bouyer> >      traffic is pass through rt-B.
 bouyer> 
 bouyer> this is what I don't get; why would traffic go to rt-B if rt-A is up ?
 bouyer> And if rt-A is down, traffic won't go to it (there may be some time 
before
 bouyer> the traffic switches from A to B while the switch's commutation table 
is
 bouyer> updated).
 bouyer> I have a setup similar to yours, and AFAIK if an interface on rt-A goes
 bouyer> down, all traffic is redirected to rt-B.

        I found following scenario.

        0. Topology

                carp0        carp1
               xennet0      xennet1
                  +--- rt-A ---+
        Term-A ---+            +--- Term-B
                  +--- rt-B ---+

        Term-A: 10.0.0.10/24 default route is 10.0.0.1(carp0's Addr)
        carp0 :          10.0.0.1/24
        rt-A  : xennet0: 10.0.0.2/24
        rt-B  : xennet0: 10.0.0.3/24

        Term-B: 10.1.1.10/24 default route is 10.1.1.1(carp1's Addr)
        carp0 :          10.1.1.1/24
        rt-A  : xennet1: 10.1.1.2/24
        rt-B  : xennet1: 10.1.1.3/24

        1. rt-A's carp0: advskew 100, tied to xennet0 -> MASTER has 10.0.0.1
                  carp1: advskew 100, tied to xennet1 -> MASTER has 10.1.1.1
           rt-B's carp0: advskew 150, tied to xennet0 -> BACKUP
                  carp1: advskew 150, tied to xennet1 -> BACKUP

        2. I did followings on rt-A
           ifconfig carp0 down
           then state is followings
           rt-A's carp0: down -> BACKUP
                  carp1: up   -> MASTER : has 10.0.0.1
           rt-B's carp0: up   -> MASTER : has 10.1.1.1
                  carp1: up   -> BACKUP

        3. Ping from Term-A to Term-B
           for go:  Term-A -> rt-B's carp0 -> rt-B's xennet1 -> Term-B
           go back: Term-B -> rt-A's carp1 -> rt-A's xennet0 -> Term-A
           This is because rt-A's carp0 is down but carp1 is up.

        Of cource this is worst case because this is rare case that xennet0
        has no trouble but carp0 is down.
        As you say if an interdace on rt-A goes down, all traffic is
        redirected to rt-B because if Physical interface(or interface which
        tied to carp interface) is down, preempting is work.

        "Now" I thought too much worried of my senario, but it will be able
        to happen.

        Thanks again.

 HEO

Prev by Date: Re: kern/48945: CARP preempt is not working
Next by Date: Re: kern/48916
Previous by Thread: Re: kern/48945: CARP preempt is not working
Next by Thread: PR/48944 CVS commit: src/external/bsd/cron/dist
Indexes:

Home | Main Index | Thread Index | Old Index