From owner-freebsd-net@FreeBSD.ORG Fri Feb 19 13:21:31 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A2C01106566B for ; Fri, 19 Feb 2010 13:21:31 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.8]) by mx1.freebsd.org (Postfix) with ESMTP id 34B478FC12 for ; Fri, 19 Feb 2010 13:21:30 +0000 (UTC) Received: from vampire.homelinux.org (dslb-088-066-054-245.pools.arcor-ip.net [88.66.54.245]) by mrelayeu.kundenserver.de (node=mrbap1) with ESMTP (Nemesis) id 0M8K0I-1Nv1rf3fU2-00vl03; Fri, 19 Feb 2010 14:21:30 +0100 Received: (qmail 58640 invoked from network); 19 Feb 2010 13:21:29 -0000 Received: from f8x64.laiers.local (192.168.4.188) by ns1.laiers.local with SMTP; 19 Feb 2010 13:21:29 -0000 From: Max Laier Organization: FreeBSD To: freebsd-net@freebsd.org Date: Fri, 19 Feb 2010 14:21:28 +0100 User-Agent: KMail/1.12.4 (FreeBSD/8.0-RELEASE-p2; KDE/4.3.5; amd64; ; ) References: <4B7D72BF.1040104@acm.poly.edu> In-Reply-To: <4B7D72BF.1040104@acm.poly.edu> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201002191421.28699.max@love2party.net> X-Provags-ID: V01U2FsdGVkX18Cgm/lMqLdhhrHBnRZWxifm+AdoXto3zyB0tc 8BsVHYr+Xegzck4upVcwlber7q5lARFZyPMjyNtUCIXUZQcF+p G71f9r//uusZckwltLoPg== Cc: Boris Kochergin Subject: Re: CARP vs. if_bridge X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Feb 2010 13:21:31 -0000 On Thursday 18 February 2010 18:02:55 Boris Kochergin wrote: > Ahoy. I'm seeing what appears to be erroneous interaction between CARP > and if_bridge on multiple machines with a variety of Ethernet > controllers and architectures. I've observed it on 7.2-R and 8.0-R. The > test setup is simple enough: > > CARP master: > > FreeBSD t30 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #5: Sun Feb 14 > 20:22:41 EST 2010 root@t30:/usr/obj/usr/src/sys/T30 i386 > > lo0: flags=8049 metric 0 mtu 16384 > options=3 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 > inet6 ::1 prefixlen 128 > inet 127.0.0.1 netmask 0xff000000 > dc0: flags=8943 metric 0 > mtu 1500 > options=8 > ether 00:04:5a:a8:e0:bf > inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255 > media: Ethernet autoselect (100baseTX ) > status: active > carp0: flags=49 metric 0 mtu 1500 > inet 192.168.0.1 netmask 0xffffff00 > carp: MASTER vhid 1 advbase 1 advskew 0 > > CARP backup: > > FreeBSD ultra5 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Thu Feb 18 15:19:39 > UTC 2010 boris@ultra5:/usr/obj/usr/src/sys/GENERIC.carp sparc64 > > hme0: flags=8802 metric 0 mtu 1500 > options=b > ether 08:00:20:f5:65:d4 > media: Ethernet autoselect > xl0: flags=8943 metric 0 > mtu 1500 > options=9 > ether 00:01:03:2c:06:6d > inet 192.168.0.3 netmask 0xffffff00 broadcast 192.168.0.255 > media: Ethernet autoselect (100baseTX ) > status: active > lo0: flags=8049 metric 0 mtu 16384 > options=3 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 > inet6 ::1 prefixlen 128 > inet 127.0.0.1 netmask 0xff000000 > carp0: flags=49 metric 0 mtu 1500 > inet 192.168.0.1 netmask 0xffffff00 > carp: MASTER vhid 1 advbase 1 advskew 100 > bridge0: flags=8843 metric 0 mtu > 1500 > ether 3a:e6:09:2d:da:bc > id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 > maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 > root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 > member: xl0 flags=143 > ifmaxaddr 0 port 2 priority 128 path cost 200000 > member: hme0 flags=8 > ifmaxaddr 0 port 1 priority 128 path cost 200000 > > In summary, I have a basic CARP configuration and, on the backup CARP > machine, a bridge with the CARP device's physical interface in it. The > purpose of this setup is the ability to monitor traffic passing through > that interface using another machine. If the master CARP machine is > disconnected from the network, the CARP interface on the backup machine > correctly changes to the MASTER state, but does not act on traffic bound > for the shared IP address--192.168.0.1. tcpdump shows the traffic coming > in on the correct physical interface, but it is never replied to, or, in > the case of routing, forwarded. Removing xl0 from the bridge on the > backup machine instantly fixes this, and the shared IP address behaves > as expected. Adding xl0 back to the bridge while the backup CARP > interface is in the MASTER state keeps things running correctly, so the > problem is only observed when xl0 is part of the bridge during the CARP > transition from BACKUP to MASTER. Thoughts? I assume the bridge filters out the traffic as it thinks the destination is elsewhere (it has previously seen ARPs from the other MASTER entering via xl0). It shouldn't do that, but that's a different story. You can try to force edge or ptp status on xl0, not sure if this does the trick, but it's worth a try. Regards, Max