Possible CARP bug?

Viktor Petersson petersson at gmail.com
Wed Mar 23 12:17:08 UTC 2011


On Mar 20, 2011, at 7:58 PM, Daniel Hartmeier wrote:

> On Fri, Mar 18, 2011 at 04:43:59PM +0100, Viktor Petersson wrote:
> 
>> 	Mar  7 14:42:57 nas0 kernel: carp0: MASTER -> BACKUP (more frequent advertisement received)
> 
> This could mean that the master is receiving its own CARP advertisements
> back, and, thinking they come from another host, backs off.
> 
> CARP advertisements are sent through the physical interface to a
> broadcast MAC address (01:00:5e:00:x:y) and the broadcast IP address
> 224.0.0.18.
> 
> A real physical switch will forward that frame to all ports except the
> one it was received on, i.e. the frame will not be sent back to the
> sender.
> 
> You mention a virtual environment, so maybe the switch is virtual, too,
> and behaves differently. You can check by tcpdump'ing on the physical
> interface of the master. You should see each advertisement once (going
> out, but tcpdump doesn't indicate the direction). Look at the IP IDs, if
> you see each ID twice, you're getting the broadcasts back.
> 
> I think newer versions of CARP (in OpenBSD) contain an explicit check to
> detect this case (it can be thought of as a form of replay attack),
> which could be ported.
> 
> But there might also be a setting in Qemu's virtual switch that deals
> with such broadcasts.
> 
> HTH,
> Daniel

Thank you for the analysis Daniel. You're dead on. The node did indeed receive its own broadcast package back. 

Unfortunately that didn't really resolve the problem. 

Matthew Grooms did however reach out to me with a patch that did resolve the problem that he wrote for VMware ESX,
which apparently is having the same issue. 

The patch, along with instructions can be found here:
http://www.mail-archive.com/freebsd-net@freebsd.org/msg30562.html

It would be great if someone could merge that fix into the main branch. 

Thanks for all the help, guys!

Regards,
Viktor
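The IP ID check Daniel describes above, as an added example that is not part of the original thread: it scans captured `tcpdump -n -v` output from the master's physical interface for CARP advertisements to 224.0.0.18 and reports any IP ID that shows up twice, which is the signature of the switch reflecting the master's own broadcasts back. The capture text is constructed, the master address 10.0.0.2 and interface em0 are assumptions, and the line format assumes tcpdump decoding CARP as VRRP (protocol 112).

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -v -i em0 host 224.0.0.18` on the master.
# IP ID 4001 appears twice: once as sent, once reflected back by the switch.
SAMPLE_CAPTURE = """\
14:42:55.001 IP (tos 0x10, ttl 255, id 4000, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 36
14:42:56.002 IP (tos 0x10, ttl 255, id 4001, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 36
14:42:56.003 IP (tos 0x10, ttl 255, id 4001, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 36
14:42:57.004 IP (tos 0x10, ttl 255, id 4002, offset 0, flags [none], proto VRRP (112), length 56) 10.0.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 100, authtype none, intvl 1s, length 36
"""

# Pull the IP ID and the source address of each advertisement to 224.0.0.18.
CARP_LINE = re.compile(r"\bid (\d+),.*?(\d+\.\d+\.\d+\.\d+) > 224\.0\.0\.18:")


def reflected_ip_ids(capture, master_ip):
    """Return {ip_id: count} for advertisements sourced from master_ip whose
    IP ID was seen more than once. tcpdump does not show direction, so a
    repeated ID is the reliable sign of the master's own frame coming back."""
    seen = Counter()
    for line in capture.splitlines():
        m = CARP_LINE.search(line)
        if m and m.group(2) == master_ip:
            seen[int(m.group(1))] += 1
    return {ip_id: n for ip_id, n in seen.items() if n > 1}


def is_reflecting(capture, master_ip):
    """True if the switch is handing the master its own CARP broadcasts."""
    return bool(reflected_ip_ids(capture, master_ip))


if __name__ == "__main__":
    dupes = reflected_ip_ids(SAMPLE_CAPTURE, "10.0.0.2")
    if dupes:
        print("reflected advertisements, IP IDs seen twice:", dupes)
    else:
        print("no reflection: each advertisement seen once")
```

On a real host, pipe `tcpdump -n -v -i em0 host 224.0.0.18` into a file and pass its contents instead of the constructed sample; advertisements from other nodes are ignored because only the master's own source address is counted.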
