Date: Thu, 16 Jul 2009 22:01:35 -0700 From: Xin LI <delphij@delphij.net> To: Ian FREISLICH <ianf@clue.co.za> Cc: FreeBSD Current <freebsd-current@freebsd.org>, d@delphij.net Subject: Re: CARP broken on -CURRENT? Message-ID: <4A6005AF.6090402@delphij.net> In-Reply-To: <E1MRYA8-0005df-D6@clue.co.za> References: <4A5F8010.7050504@delphij.net> <4A5F7540.7070201@delphij.net> <4A5EF889.6040604@delphij.net> <E1MRNt8-0004so-2J@clue.co.za> <E1MRWFf-0005Xt-P8@clue.co.za> <E1MRYA8-0005df-D6@clue.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey Ian,
Ian FREISLICH wrote:
> Xin LI wrote:
>> Ian FREISLICH wrote:
>>> To use carp, the administrator needs to configure at minimum
>>> a common virtual host ID (VHID) and virtual host IP address
>>> on each machine which is to take part in the virtual group.
>>> Additional parameters can also be set on a per-interface basis:
>>> advbase and advskew, which are used to control how frequently
>>> the host sends advertisements when it is the master for a
>>> virtual host, and pass which is used to authenticate carp
>>> advertisements.
>> Um... In order to narrow this down I have removed advbase setting from
>> both servers (now they use the default number, 1) but seems no luck.
>>
>> I have further checked netstat -s, it seems that only the CARP packets
>> with bad length (which are really VRRP packets) are being counted into
>> the "received" packets, and were all discarded (of course). I've
>> manually put these interfaces down and will check back to see if there
>> is some clue in our code in the afternoon.
>>
>> Jul 16 12:22:58 gate2 kernel: carp_input: received len 20 <
>> sizeof(struct carp_header) on em0
>> Jul 16 12:23:01 gate2 kernel: carp_input: received len 20 <
>> sizeof(struct carp_header) on em0
>
> I've only ever encountered messages like these when there's been a
> linux host on the same network with ucarp or heartbeat running
> sending their broken "carp" packets with a vhid that's the same as
> one I was using.
Yes this ("short"s) is from Cisco's VRRP.
> Have you tried setting a "pass" on your carp interfaces? Are you
> sure it's your host that's generating these short carp packets? Use
> 'tcpdump -eni <interface> proto carp' to verify.
Yes, actually, I think both hosts were sending correct packets, but
somehow carp_input did not processed it (no counter update and no action
taken)... I'll instrument the network stack further to see why this was
happening.
Thanks for your hints :)
Cheers,
- --
Xin LI <delphij@delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)
iEYEARECAAYFAkpgBa8ACgkQi+vbBBjt66D6fwCePCBz04M4sI0WkC9klNLrrOHu
tf0AnRk3+W/phvGYifcL7fBJMnNzUlTP
=s3sZ
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A6005AF.6090402>