Date: Fri, 20 Jul 2007 23:11:05 +0100
From: Tom Judge <tom@tomjudge.com>
To: Alexandre Biancalana <biancalana@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Single IP failover without carpdev
Message-ID: <46A132F9.9020208@tomjudge.com>
In-Reply-To: <8e10486b0707201254j4eece5dq55c1afa838a3092@mail.gmail.com>
References: <8e10486b0707180621q6a38d018u206ce9ee4fbbe10c@mail.gmail.com> <867iow7rwk.fsf@zid.claresco.hr> <8e10486b0707191950s2ffd4e89q7484181acba745be@mail.gmail.com> <866fa9520707200813s7938bdbdjdfb57c87dd23e268@mail.gmail.com> <20070720173722.GB12522@verio.net> <8e10486b0707201254j4eece5dq55c1afa838a3092@mail.gmail.com>

Alexandre Biancalana wrote:
> On 7/20/07, David DeSimone <fox@verio.net> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> That is OpenBSD's documentation you are referring to, but this is
>> FreeBSD we are talking about. The implementation is not the same.
>>
>> In order for CARP to be effective, it must send out hello packets on a
>> particular interface. Under OpenBSD, I believe there is a "carpdev"
>> option for ifconfig, which allows you to set the interface explicitly.
>> However, FreeBSD's implementation (at least in 6.x where I'm familiar
>> with it) is missing that option. Instead, the interface is chosen by
>> matching the IP address of the carp interface to the same subnet as the
>> physical interface.
>>
>> In a case where your ISP has only assigned a single IP address to you,
>> you cannot (legally) assign a pair of addresses to your firewalls and
>> then assign a third IP to CARP in order to have it bind correctly to
>> the external interface. Under OpenBSD, you could assign private RFC1918
>> addresses to the external interfaces, and use "carpdev" to assign a
>> virtual public IP, but it seems that is not possible with FreeBSD.
>>
>> If I am wrong, I hope that someone will correct my understanding.
>
>
> Exactly this! What I want to know is if exists some alternative way to
> configure this....

Well, after reading [RELENG_6_2]sys/netinet/ip_carp.c (carp_set_addr) I
have found the code that is used to look up the interface; the key part
is this block:

	ia_if = NULL;
	own = 0;
	TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) {
		/* and, yeah, we need a multicast-capable iface too */
		if (ia->ia_ifp != SC2IFP(sc) &&
		    (ia->ia_ifp->if_flags & IFF_MULTICAST) &&
		    (iaddr & ia->ia_subnetmask) == ia->ia_subnet) {
			if (!ia_if)
				ia_if = ia;
			if (sin->sin_addr.s_addr ==
			    ia->ia_addr.sin_addr.s_addr)
				own++;
		}
	}

This is the first stage of finding the carp_softc->sc_carpdev device.

It doesn't look like it would take too much to add a carpdev option to
ifconfig and fall back to the existing code if no carpdev is specified.

I may try and have a look at this over the weekend, it looks like an
interesting first challenge.

Tom
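
Added example, not part of the original message and not FreeBSD kernel code or any patch from the thread: a user-space C model of the subnet-match selection quoted above, together with the proposed carpdev override that falls back to it. The struct, the function names, the interface names and all addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Simplified stand-in for one entry on the kernel's interface address list. */
struct model_ifaddr {
    const char *ifname;
    uint32_t addr, mask;   /* host byte order */
    int multicast;         /* models IFF_MULTICAST */
    int is_carp_self;      /* models ia->ia_ifp == SC2IFP(sc) */
};

/* Constructed sample: RFC 1918 addresses on both NICs, one public virtual IP. */
static const struct model_ifaddr sample_ifs[] = {
    { "em0", IP(192, 168, 255, 2), IP(255, 255, 255, 0), 1, 0 },  /* external */
    { "em1", IP(10, 0, 0, 2),      IP(255, 255, 255, 0), 1, 0 },  /* internal */
};
static const uint32_t sample_vip = IP(203, 0, 113, 10);

static int usable(const struct model_ifaddr *ia)
{
    return !ia->is_carp_self && ia->multicast;
}

/* carpdev == NULL: subnet match as in the quoted loop (first hit wins).
 * carpdev != NULL: hypothetical explicit override, the option proposed above. */
static const char *pick_carpdev(const struct model_ifaddr *ifs, size_t n,
                                uint32_t vip, const char *carpdev)
{
    for (size_t i = 0; i < n; i++) {
        if (!usable(&ifs[i]))
            continue;
        if (carpdev != NULL ? strcmp(ifs[i].ifname, carpdev) == 0
                            : (vip & ifs[i].mask) == (ifs[i].addr & ifs[i].mask))
            return ifs[i].ifname;
    }
    return NULL;   /* no parent interface: the single-IP failure case */
}

int main(void)
{
    const char *auto_dev = pick_carpdev(sample_ifs, 2, sample_vip, NULL);
    const char *named = pick_carpdev(sample_ifs, 2, sample_vip, "em0");
    printf("subnet match: %s\n", auto_dev ? auto_dev : "(none)");
    printf("carpdev em0:  %s\n", named ? named : "(none)");
    return 0;
}
```

With the sample addresses the subnet match finds no parent interface for the public virtual IP, while naming the device explicitly does.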