Host address zero vs bridge, carp and nat

From: Bob Bishop <rb_at_gid.co.uk>
Date: Sun, 23 Apr 2023 22:00:05 UTC
Hi,

We’re commissioning a new router build here based on 13.2-RC5 (bad timing) and it seems that something is amiss when using host address zero with this combination. More precisely, this setup:

igb1: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e523bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether 00:0d:b9:5f:0f:31
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb2: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e523bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether 00:0d:b9:5f:0f:32
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0d:b9:5f:0f:31
        inet x.y.z.0 netmask 0xffffffe0 broadcast x.y.z.31
        inet x.y.z.10 netmask 0xffffffe0 broadcast x.y.z.31 vhid 11
        inet x.y.z.11 netmask 0xffffffe0 broadcast x.y.z.31 vhid 11
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 2000000
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000000
        groups: bridge
        carp: MASTER vhid 11 advbase 1 advskew 100
        nd6 options=9<PERFORMNUD,IFDISABLED>
doesn’t pass traffic through the bridge. The NAT is in-kernel via ipfw and there are firewall rules in play but they do not seem to be a factor.

Change the primary address on the bridge to e.g. x.y.z.13 and everything works. CARP failover seems to work OK with the zero host in spite of not passing traffic.

We only found this because in live we’ll have a /29 and we are going to run out of addresses if we can’t use zero. The bridge is required to avoid using a switch upstream where we have two routers on redundant fibres using VRRP.

We will solve this by getting a bigger allocation upstream unless anyone has any bright ideas, in default of which I’ll raise a bug report.

--
Bob Bishop
rb@gid.co.uk
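A pre-deployment sanity check for the failure mode described above, added here as an example; it is not part of Bob's post or of FreeBSD. It parses ifconfig output and flags any inet address whose host part is all zeros (the bridge0 primary address in the post) or all ones. The sample output below is constructed, with the 192.0.2.0/27 documentation range standing in for x.y.z.0/27.

```python
import ipaddress
import re

# Constructed sample in the shape of the post's ifconfig output (not the original).
SAMPLE_IFCONFIG = """\
bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0d:b9:5f:0f:31
        inet 192.0.2.0 netmask 0xffffffe0 broadcast 192.0.2.31
        inet 192.0.2.10 netmask 0xffffffe0 broadcast 192.0.2.31 vhid 11
        inet 192.0.2.11 netmask 0xffffffe0 broadcast 192.0.2.31 vhid 11
        carp: MASTER vhid 11 advbase 1 advskew 100
igb1: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.13 netmask 0xffffffe0 broadcast 192.0.2.31
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
# FreeBSD prints the IPv4 netmask as hex; an optional "vhid N" marks a CARP address.
INET_RE = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]+)(?:.*\bvhid (\d+))?")


def parse_ifconfig(text):
    """Return (iface, IPv4Address, netmask_int, vhid_or_None) for every inet line."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and iface:
            addr = ipaddress.IPv4Address(m.group(1))
            mask = int(m.group(2), 16)
            vhid = int(m.group(3)) if m.group(3) else None
            entries.append((iface, addr, mask, vhid))
    return entries


def host_zero_addresses(text):
    """Flag addresses whose host bits are all zeros or all ones.

    Host-zero was the obsolete all-zeros broadcast form, so some stacks and
    middleboxes still treat it specially; all-ones is the directed broadcast.
    /31 and /32 have no reserved host values and are skipped.
    """
    findings = []
    for iface, addr, mask, vhid in parse_ifconfig(text):
        host_bits = ~mask & 0xFFFFFFFF
        if host_bits <= 1:
            continue
        host_part = int(addr) & host_bits
        if host_part == 0:
            findings.append((iface, str(addr), "host-zero", vhid))
        elif host_part == host_bits:
            findings.append((iface, str(addr), "broadcast", vhid))
    return findings
```

Run it over the live `ifconfig` output before cutover; any "host-zero" finding on a bridge carrying CARP is the configuration the post reports as not passing traffic.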