Date: Thu, 16 Jul 2009 22:01:35 -0700 From: Xin LI <delphij@delphij.net> To: Ian FREISLICH <ianf@clue.co.za> Cc: FreeBSD Current <freebsd-current@freebsd.org>, d@delphij.net Subject: Re: CARP broken on -CURRENT? Message-ID: <4A6005AF.6090402@delphij.net> In-Reply-To: <E1MRYA8-0005df-D6@clue.co.za> References: <4A5F8010.7050504@delphij.net> <4A5F7540.7070201@delphij.net> <4A5EF889.6040604@delphij.net> <E1MRNt8-0004so-2J@clue.co.za> <E1MRWFf-0005Xt-P8@clue.co.za> <E1MRYA8-0005df-D6@clue.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Ian, Ian FREISLICH wrote: > Xin LI wrote: >> Ian FREISLICH wrote: >>> To use carp, the administrator needs to configure at minimum >>> a common virtual host ID (VHID) and virtual host IP address >>> on each machine which is to take part in the virtual group. >>> Additional parameters can also be set on a per-interface basis: >>> advbase and advskew, which are used to control how frequently >>> the host sends advertisements when it is the master for a >>> virtual host, and pass which is used to authenticate carp >>> advertisements. >> Um... In order to narrow this down I have removed advbase setting from >> both servers (now they use the default number, 1) but seems no luck. >> >> I have further checked netstat -s, it seems that only the CARP packets >> with bad length (which are really VRRP packets) are being counted into >> the "received" packets, and were all discarded (of course). I've >> manually put these interfaces down and will check back to see if there >> is some clue in our code in the afternoon. >> >> Jul 16 12:22:58 gate2 kernel: carp_input: received len 20 < >> sizeof(struct carp_header) on em0 >> Jul 16 12:23:01 gate2 kernel: carp_input: received len 20 < >> sizeof(struct carp_header) on em0 > > I've only ever encountered messages like these when there's been a > linux host on the same network with ucarp or heartbeat running > sending their broken "carp" packets with a vhid that's the same as > one I was using. Yes this ("short"s) is from Cisco's VRRP. > Have you tried setting a "pass" on your carp interfaces? Are you > sure it's your host that's generating these short carp packets? Use > 'tcpdump -eni <interface> proto carp' to verify. Yes, actually, I think both hosts were sending correct packets, but somehow carp_input did not processed it (no counter update and no action taken)... I'll instrument the network stack further to see why this was happening. Thanks for your hints :) Cheers, - -- Xin LI <delphij@delphij.net> http://www.delphij.net/ FreeBSD - The Power to Serve! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (FreeBSD) iEYEARECAAYFAkpgBa8ACgkQi+vbBBjt66D6fwCePCBz04M4sI0WkC9klNLrrOHu tf0AnRk3+W/phvGYifcL7fBJMnNzUlTP =s3sZ -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A6005AF.6090402>