Possible CARP bug?

Daniel Hartmeier daniel at benzedrine.cx
Sun Mar 20 18:58:56 UTC 2011


On Fri, Mar 18, 2011 at 04:43:59PM +0100, Viktor Petersson wrote:

> 	Mar  7 14:42:57 nas0 kernel: carp0: MASTER -> BACKUP (more frequent advertisement received)

This could mean that the master is receiving its own CARP advertisements
back, and, thinking they come from another host, backs off.

CARP advertisements are sent through the physical interface to a
broadcast MAC address (01:00:5e:00:x:y) and the broadcast IP address
224.0.0.18.

A real physical switch will forward that frame to all ports except the
one it was received on, i.e. the frame will not be sent back to the
sender.

You mention a virtual environment, so maybe the switch is virtual, too,
and behaves differently. You can check by tcpdump'ing on the physical
interface of the master. You should see each advertisement once (going
out, but tcpdump doesn't indicate the direction). Look at the IP IDs: if
you see each ID twice, you're getting the broadcasts back.

I think newer versions of CARP (in OpenBSD) contain an explicit check to
detect this case (it can be thought of as a form of replay attack),
which could be ported.

But there might also be a setting in Qemu's virtual switch that deals
with such broadcasts.

HTH,
Daniel
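As an added diagnostic, not part of Daniel's mail or of FreeBSD itself: a small Python script that applies the IP-ID check he describes to tcpdump output. It assumes the `tcpdump -nn -v` line layout shown in the constructed sample, a master address of 10.0.0.2 and a backup at 10.0.0.3 (both made up), and flags an advertisement only when the same ID from the master shows up again within a short window, so ordinary ID reuse much later is not mistaken for a reflected broadcast.

```python
import re
from collections import defaultdict

# Fields we need from a `tcpdump -nn -v` IP line: timestamp, the IP ID inside
# the parenthesised header summary, and the source/destination addresses.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP \(.*?\bid (?P<id>\d+)\b.*?\) "
    r"(?P<src>[\d.]+) > (?P<dst>[\d.]+):"
)
CARP_GROUP = "224.0.0.18"  # multicast group CARP advertises to (from the mail)

def _seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def find_reflected_advertisements(capture_text, master_ip, window=0.1):
    """Sorted IP IDs of advertisements sent by master_ip to 224.0.0.18 that
    reappear within `window` seconds: the signature of a switch handing the
    master its own broadcast back. Other hosts' advertisements are skipped
    (one per interval is normal); an ID recurring much later is plain reuse."""
    seen = defaultdict(list)
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("dst") != CARP_GROUP or m.group("src") != master_ip:
            continue
        seen[int(m.group("id"))].append(_seconds(m.group("ts")))
    reflected = []
    for ip_id, times in seen.items():
        times.sort()
        if any(b - a <= window for a, b in zip(times, times[1:])):
            reflected.append(ip_id)
    return sorted(reflected)

# Constructed sample imitating `tcpdump -nn -v -i em0 ip proto 112` run on the
# master (10.0.0.2); not a real capture. IDs 4711 and 4712 come back within
# microseconds, the backup's (10.0.0.3) ID 9001 is seen once, and 4713 recurs
# only half an hour later, i.e. ordinary ID reuse rather than reflection.
SAMPLE = """\
14:42:57.000123 IP (tos 0x10, ttl 255, id 4711, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1
14:42:57.000301 IP (tos 0x10, ttl 255, id 4711, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1
14:42:57.500010 IP (tos 0x10, ttl 255, id 9001, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 1
14:42:58.000140 IP (tos 0x10, ttl 255, id 4712, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1
14:42:58.000322 IP (tos 0x10, ttl 255, id 4712, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1
14:42:59.000200 IP (tos 0x10, ttl 255, id 4713, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1
15:10:00.000000 IP (tos 0x10, ttl 255, id 4713, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1
"""

if __name__ == "__main__":
    print(find_reflected_advertisements(SAMPLE, "10.0.0.2"))  # [4711, 4712]
```

The match only relies on the IP header summary that `-v` prints, so it works the same whether tcpdump decodes the payload as VRRP or as CARP.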

