Understanding the interplay of ipfw, vlan, and carp

Peter Jeremy peterjeremy at optushome.com.au
Wed Jun 4 08:14:50 UTC 2008


On 2008-Mar-04 23:20:26 +0100, Max Laier <max at love2party.net> wrote:
>You could try the attached patch.  It adds carpdev support.  You'll have
>to recompile ifconfig to make use of it.

I have just tried it and found that it does precisely the opposite of
what I want :-(

My situation: At work, I have a NAT box that is used to translate
between our corporate intranet and my department's test models.  There
is (basically) 1:1 NAT and I use proxy-ARP on the intranet side (though
I have gateway IPs on the internal side).  I am trying to convert this
to use CARP for failover.

My external interface config currently looks like:
 ifconfig vlan10 10.10.10.1 vlandev fxp0 vlan 10
 arp -s 10.10.10.2 auto pub
 arp -s 10.10.10.3 auto pub
 arp -s 10.10.10.4 auto pub
 arp -s 10.10.10.5 auto pub

Ideally, I want to attach a carp device to vlan10 so I can do
 ifconfig vlan10 10.10.10.1 vlandev fxp0 vlan 10
 ifconfig carp10 vhid 10 carpdev vlan10 
 arp -s 10.10.10.2 00:00:5e:00:01:0a pub
 arp -s 10.10.10.3 00:00:5e:00:01:0a pub
 arp -s 10.10.10.4 00:00:5e:00:01:0a pub
 arp -s 10.10.10.5 00:00:5e:00:01:0a pub
i.e. the IP address remains with the specific box (the backup box has
its own IP address).  Unfortunately, the current carpdev code doesn't
work this way: It lets me not assign an IP address to vlan10 but I
still have to assign an IP address to carp10 (and it uses the latter
address rather than the former address in the carp advertisements).

Does what I want make sense to you and can you see any way it could be
integrated into your carpdev patches?

Note that one downside of your carpdev patches is that (AFAIK) it is
no longer possible to identify which host sent the packet: The source
and destination MAC addresses, as well as the destination IP address
are all defined by CARP.  Once you change the source IP address to be
the shared address there's nothing to identify which host sent it.

Finally, can anyone point me to a protocol specification for CARP?
The only documentation I can find in either FreeBSD or OpenBSD is
basically limited to "it's like VRRP but different to avoid the CISCO
patent on HSRP".

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
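
The attribution concern raised in the message above can be checked from a capture. The following is an added example, not part of the original post or of the carpdev patch: it compares the addressing fields of two CARP advertisements. It assumes the 36-byte header layout of FreeBSD's struct carp_header (vhid in the second byte); the frames and the addresses 10.10.10.254 and 10.10.10.100 are constructed for illustration.

```python
import struct

CARP_PROTO = 112                                  # IP protocol number used by CARP
CARP_MCAST_IP = bytes([224, 0, 0, 18])            # advertisement destination
CARP_MCAST_MAC = bytes.fromhex("01005e000012")    # Ethernet mapping of 224.0.0.18

def carp_vmac(vhid):
    """Virtual MAC for a vhid, e.g. vhid 10 -> 00:00:5e:00:01:0a."""
    return bytes([0x00, 0x00, 0x5e, 0x00, 0x01, vhid])

def build_advert(src_ip, vhid, advskew=0):
    """Constructed test frame: Ethernet + IPv4 + CARP header (assumed layout).
    Checksums, counter and HMAC are left zero; only addressing matters here."""
    carp = struct.pack("!BBBBBBHQ20s", 0x21, vhid, advskew, 7, 0, 1, 0, 0, b"")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0x10, 20 + len(carp), 0, 0x4000,
                     255, CARP_PROTO, 0, bytes(src_ip), CARP_MCAST_IP)
    return CARP_MCAST_MAC + carp_vmac(vhid) + b"\x08\x00" + ip + carp

def parse_advert(frame):
    """Return the addressing fields of an IPv4 CARP advertisement."""
    if len(frame) < 14 + 20:
        raise ValueError("truncated frame")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ihl = (frame[14] & 0x0F) * 4                  # IPv4 header length in bytes
    if ethertype != 0x0800 or frame[23] != CARP_PROTO:
        raise ValueError("not an IPv4 CARP frame")
    if len(frame) < 14 + ihl + 36:
        raise ValueError("truncated CARP header")
    return {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
            "src_ip": ".".join(map(str, frame[26:30])),
            "dst_ip": ".".join(map(str, frame[30:34])),
            "vhid": frame[14 + ihl + 1]}

def distinguishing_fields(frame_a, frame_b):
    """Names of addressing fields that differ between two advertisements."""
    a, b = parse_advert(frame_a), parse_advert(frame_b)
    return sorted(k for k in a if a[k] != b[k])

if __name__ == "__main__":
    # Each box advertises from its own interface address (constructed .254 peer).
    own = (build_advert([10, 10, 10, 1], 10), build_advert([10, 10, 10, 254], 10, 100))
    # Both boxes advertise from a shared address (constructed .100).
    shared = (build_advert([10, 10, 10, 100], 10), build_advert([10, 10, 10, 100], 10, 100))
    print("per-host source:", distinguishing_fields(*own))
    print("shared source:  ", distinguishing_fields(*shared))
```
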


More information about the freebsd-net mailing list