Date: Sun, 20 Mar 2011 19:58:56 +0100
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: Viktor Petersson <petersson@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Possible CARP bug?
Message-ID: <20110320185856.GA7703@insomnia.benzedrine.cx>
In-Reply-To: <00612801-A0F4-4EDC-9BED-3364A86E4F9C@gmail.com>
References: <00612801-A0F4-4EDC-9BED-3364A86E4F9C@gmail.com>

On Fri, Mar 18, 2011 at 04:43:59PM +0100, Viktor Petersson wrote:

> Mar 7 14:42:57 nas0 kernel: carp0: MASTER -> BACKUP (more frequent advertisement received)

This could mean that the master is receiving its own CARP advertisements
back, and, thinking they come from another host, backs off.

CARP advertisements are sent through the physical interface to a
broadcast MAC address (01:00:5e:00:x:y) and the broadcast IP address
224.0.0.18.

A real physical switch will forward that frame to all ports except the
one it was received on, i.e. the frame will not be sent back to the
sender.

You mention a virtual environment, so maybe the switch is virtual, too,
and behaves differently.

You can check by tcpdump'ing on the physical interface of the master.
You should see each advertisement once (going out, but tcpdump doesn't
indicate the direction). Look at the IP IDs, if you see each ID twice,
you're getting the broadcasts back.

I think newer versions of CARP (in OpenBSD) contain an explicit check
to detect this case (it can be thought of as a form of replay attack),
which could be ported. But there might also be a setting in Qemu's
virtual switch that deals with such broadcasts.

HTH,
Daniel
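
The IP ID check described in the message above, automated as an added example (not part of the original e-mail or of any CARP code). It assumes the capture was taken on the master's physical interface with `tcpdump -n -v` and a filter of `ip proto 112`, giving two lines per packet; the sample records and the 0.5 second window are constructed for illustration.

```python
import re
from collections import defaultdict

# First line of a `tcpdump -n -v` record: timestamp plus IP header fields.
HDR = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP \(.*?\bid (\d+),.*?proto \w+ \(112\)")
# Continuation line: source address and the CARP multicast destination.
ADDR = re.compile(r"^\s+(\S+) > 224\.0\.0\.18:")

def find_echoed(lines, window=0.5):
    """Return sorted (src, ip_id) pairs seen more than once within `window` seconds.

    A repeat inside the window means the advertisement came back to the sender.
    A repeat much later is only the 16-bit IP ID being reused and is ignored.
    """
    seen = defaultdict(list)
    pending = None
    for line in lines:
        m = HDR.match(line)
        if m:
            h, mi, s, ipid = m.groups()
            pending = (int(h) * 3600 + int(mi) * 60 + float(s), int(ipid))
            continue
        a = ADDR.match(line)
        if a and pending:
            seen[(a.group(1), pending[1])].append(pending[0])
        pending = None
    echoed = []
    for key, stamps in seen.items():
        stamps.sort()
        if any(b - a <= window for a, b in zip(stamps, stamps[1:])):
            echoed.append(key)
    return sorted(echoed)

def _pkt(ts, ipid, src="192.0.2.10"):
    """Build one constructed two-line record in tcpdump -v layout (sample data)."""
    return [f"{ts} IP (tos 0x10, ttl 255, id {ipid}, offset 0, flags [DF], "
            f"proto VRRP (112), length 56)",
            f"    {src} > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0"]

# Constructed captures: each advertisement once (ID 1001 reused hours later) ...
CLEAN = _pkt("10:00:00.000100", 1001) + _pkt("10:00:01.000200", 1002) \
      + _pkt("13:00:00.000000", 1001)
# ... and each advertisement twice within microseconds (frames echoed back).
ECHO = _pkt("10:00:00.000100", 1001) + _pkt("10:00:00.000350", 1001) \
     + _pkt("10:00:01.000200", 1002) + _pkt("10:00:01.000400", 1002)

if __name__ == "__main__":
    for name, cap in (("clean", CLEAN), ("echo", ECHO)):
        print(name, find_echoed(cap))
```

An empty result matches the "each advertisement once" case; any pair listed is an advertisement that appeared twice on the wire.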