Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Jul 2009 20:00:28 +0200
From:      =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org>
To:        Max Laier <max@love2party.net>
Cc:        freebsd-net@freebsd.org, Matthew Grooms <mgrooms@shrew.net>, Andrew Snow <andrew@modulus.org>
Subject:   Re: FreeBSD + carp on VMWare ESX
Message-ID:  <9a542da30907201100l236eff1cyaf04f7ca6b8c1c8e@mail.gmail.com>
In-Reply-To: <200907201318.08122.max@love2party.net>
References:  <4A638E76.2060706@shrew.net> <4A63A4B3.6090500@modulus.org>  <3D3254E2-4E45-4C67-84D2-DB05660D768F@shrew.net> <200907201318.08122.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
--000e0cd47e06f3919b046f26eaa8
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 20, 2009 at 1:18 PM, Max Laier<max@love2party.net> wrote:
> On Monday 20 July 2009 01:25:03 Matthew Grooms wrote:
>> The other options you mention are enabled by default. This problem
>> also effects pre vSphere versions but only under certain
>> circumstances. Others claim this is only an issue when NIC teaming is
>> in use. However, I disabled this feature and still experience the
>> problem without the patch applied.
>>
>> I'll be happy to post the config when I'm back in front of the
>> computer. It's not a configuration problem. I'm not new to FreeBSD or
>> carp and have quite a bit of time invested trying to get this to work.
>>
>> Have a look at the vmware forums. A lot of folks have reported the
>> problem in great detail and, as far as I can tell, have yet to get
>> this working.
>
> There is clearly something very wrong with how the vswitch works and it's=
 not
> really FreeBSD's job to work around these issues. =A0The patch you posted=
 is
> rather intrusive and certainly not something we want in the tree. =A0You =
should
> talk to VMWare's support to fix the obvious short-comings in the vswitch
> design.

I think this is a problem that has been there since carp merge.
By looking at in_arpinput() in if_ether.c around this comment
        /*
	 * For a bridge, we want to check the address irrespective
	 * of the receive interface. (This will change slightly
	 * when we have clusters of interfaces).
	 * If the interface does not match, but the recieving interface
	 * is part of carp, we call carp_iamatch to see if this is a
	 * request for the virtual host ip.
	 * XXX: This is really ugly!
         */
Following the code the check for the bridge case is done for the
destination ip(protocol) address and for the source one while for the
carp this is done only for the destination ip(protocol) address. Which
seems wrong since the same check should apply for carp.
This would eliminate a looping back packet.
This is prevented as it is now for  target ip address but not by
source ip address since the check is missing.
The following patch against head should fix this IMO. It is untested
but seems the right solution for this.

Technically this would make code around the 'match' label discard the packe=
t.


Index: if_ether.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- if_ether.c	(revision 195741)
+++ if_ether.c	(working copy)
@@ -522,7 +522,7 @@
 		}
 #endif
 	}
-	LIST_FOREACH(ia, INADDR_HASH(isaddr.s_addr), ia_hash)
+	LIST_FOREACH(ia, INADDR_HASH(isaddr.s_addr), ia_hash) {
 		if (((bridged && ia->ia_ifp->if_bridge !=3D NULL) ||
 		    ia->ia_ifp =3D=3D ifp) &&
 		    isaddr.s_addr =3D=3D ia->ia_addr.sin_addr.s_addr) {
@@ -530,6 +530,17 @@
 			IN_IFADDR_RUNLOCK();
 			goto match;
 		}
+#ifdef DEV_CARP
+                if (ifp->if_carp !=3D NULL &&
+                    carp_iamatch(ifp->if_carp, ia, &isaddr, &enaddr) &&
+                    isaddr.s_addr =3D=3D ia->ia_addr.sin_addr.s_addr) {
+                        carp_match =3D 1;
+                        ifa_ref(&ia->ia_ifa);
+                        IN_IFADDR_RUNLOCK();
+                        goto match;
+                }
+#endif
+	}

 #define BDG_MEMBER_MATCHES_ARP(addr, ifp, ia)				\
   (ia->ia_ifp->if_bridge =3D=3D ifp->if_softc &&				\


>
> As for your patch - you want "IF_ADDR_[UN]LOCK(ifp);" around walking the
> address list. =A0Don't forget to unlock before the return.
>
>> -Matthew
>>
>> On Jul 19, 2009, at 5:56 PM, Andrew Snow <andrew@modulus.org> wrote:
>> > Matthew Grooms wrote:
>> >> I was having problems running carp on VMWare ESX 4 and did a little
>> >> investigative work to determine the cause of the problem.
>> >
>> > If have tested CARP on ESX 3.5u4 successfully with a 32-bit FreeBSD
>> > guest with e1000 vNICs.
>> >
>> > As well as turning on promiscuous mode on the vSwitch, you have to
>> > enable "MAC Address changes" and "Forged transmits" as CARP requires
>> > these to work properly.
>> >
>> > Unless this is a vSphere-specific problem I must suspect your
>> > configuration as the problem. =A0Do you want to post your CARP config?
>> >
>> >
>> > - Andrew
>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>>
>> !DSPAM:4a63ab81519501271912576!
>
> --
> /"\ =A0Best regards, =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0| mlaier@=
freebsd.org
> \ / =A0Max Laier =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0| ICQ=
 #67774661
> =A0X =A0 http://pf4freebsd.love2party.net/ =A0| mlaier@EFnet
> / \ =A0ASCII Ribbon Campaign =A0 =A0 =A0 =A0 =A0 =A0 =A0| Against HTML Ma=
il and News
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>



--=20
Ermal

--000e0cd47e06f3919b046f26eaa8
Content-Type: application/octet-stream; name="if_ether.c.diff"
Content-Disposition: attachment; filename="if_ether.c.diff"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_fxdhuh9e0

SW5kZXg6IGlmX2V0aGVyLmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gaWZfZXRoZXIuYwkocmV2aXNpb24gMTk1
NzQxKQorKysgaWZfZXRoZXIuYwkod29ya2luZyBjb3B5KQpAQCAtNTIyLDcgKzUyMiw3IEBACiAJ
CX0KICNlbmRpZgogCX0KLQlMSVNUX0ZPUkVBQ0goaWEsIElOQUREUl9IQVNIKGlzYWRkci5zX2Fk
ZHIpLCBpYV9oYXNoKQorCUxJU1RfRk9SRUFDSChpYSwgSU5BRERSX0hBU0goaXNhZGRyLnNfYWRk
ciksIGlhX2hhc2gpIHsKIAkJaWYgKCgoYnJpZGdlZCAmJiBpYS0+aWFfaWZwLT5pZl9icmlkZ2Ug
IT0gTlVMTCkgfHwKIAkJICAgIGlhLT5pYV9pZnAgPT0gaWZwKSAmJgogCQkgICAgaXNhZGRyLnNf
YWRkciA9PSBpYS0+aWFfYWRkci5zaW5fYWRkci5zX2FkZHIpIHsKQEAgLTUzMCw2ICs1MzAsMTcg
QEAKIAkJCUlOX0lGQUREUl9SVU5MT0NLKCk7CiAJCQlnb3RvIG1hdGNoOwogCQl9CisjaWZkZWYg
REVWX0NBUlAKKyAgICAgICAgICAgICAgICBpZiAoaWZwLT5pZl9jYXJwICE9IE5VTEwgJiYKKyAg
ICAgICAgICAgICAgICAgICAgY2FycF9pYW1hdGNoKGlmcC0+aWZfY2FycCwgaWEsICZpc2FkZHIs
ICZlbmFkZHIpICYmCisgICAgICAgICAgICAgICAgICAgIGlzYWRkci5zX2FkZHIgPT0gaWEtPmlh
X2FkZHIuc2luX2FkZHIuc19hZGRyKSB7CisgICAgICAgICAgICAgICAgICAgICAgICBjYXJwX21h
dGNoID0gMTsKKyAgICAgICAgICAgICAgICAgICAgICAgIGlmYV9yZWYoJmlhLT5pYV9pZmEpOwor
ICAgICAgICAgICAgICAgICAgICAgICAgSU5fSUZBRERSX1JVTkxPQ0soKTsKKyAgICAgICAgICAg
ICAgICAgICAgICAgIGdvdG8gbWF0Y2g7CisgICAgICAgICAgICAgICAgfQorI2VuZGlmCisJfQog
CiAjZGVmaW5lIEJER19NRU1CRVJfTUFUQ0hFU19BUlAoYWRkciwgaWZwLCBpYSkJCQkJXAogICAo
aWEtPmlhX2lmcC0+aWZfYnJpZGdlID09IGlmcC0+aWZfc29mdGMgJiYJCQkJXAo=
--000e0cd47e06f3919b046f26eaa8--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9a542da30907201100l236eff1cyaf04f7ca6b8c1c8e>