Re: Host address zero vs bridge, carp and nat

From: George Kontostanos <gkontos.mail_at_gmail.com>
Date: Mon, 24 Apr 2023 15:54:41 UTC
unsubscribe

On Mon, Apr 24, 2023 at 1:00 AM Bob Bishop <rb@gid.co.uk> wrote:
>
> Hi,
>
> We’re commissioning a new router build here based on 13.2-RC5 (bad timing) and it seems that something is amiss when using host address zero with this combination. More precisely, this setup:
>
> igb1: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=4e523bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
>         ether 00:0d:b9:5f:0f:31
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> igb2: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=4e523bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
>         ether 00:0d:b9:5f:0f:32
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>
> bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether 00:0d:b9:5f:0f:31
>         inet x.y.z.0 netmask 0xffffffe0 broadcast x.y.z.31
>         inet x.y.z.10 netmask 0xffffffe0 broadcast x.y.z.31 vhid 11
>         inet x.y.z.11 netmask 0xffffffe0 broadcast x.y.z.31 vhid 11
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 3 priority 128 path cost 2000000
>         member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 2 priority 128 path cost 2000000
>         groups: bridge
>         carp: MASTER vhid 11 advbase 1 advskew 100
>         nd6 options=9<PERFORMNUD,IFDISABLED>
>
> doesn’t pass traffic through the bridge. The NAT is in-kernel via ipfw and there are firewall rules in play but they do not seem to be a factor.
>
> Change the primary address on the bridge to e.g. x.y.z.13 and everything works. carp failover seems to work OK with the zero host in spite of not passing traffic.
>
> We only found this because in live we’ll have a /29 and we are going to run out of addresses if we can’t use zero. The bridge is required to avoid using a switch upstream where we have two routers on redundant fibres using VRRP.
>
> We will solve this by getting a bigger allocation upstream unless anyone has any bright ideas, in default of which I’ll raise a bug report.
>
> --
> Bob Bishop
> rb@gid.co.uk
>


-- 
George Kontostanos
---
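The configuration Bob describes above is easy to miss in a review: a bridge whose primary address is the all-zeros host of its subnet (the network address), carrying CARP aliases on top. The following is an added example, not code from the thread or from FreeBSD: a small parser for ifconfig(8) output that flags any IPv4 address whose host bits are all zero and reports whether it is the primary address, whether the interface runs CARP, and whether it is a bridge. The sample input is constructed from the quoted output, with the redacted x.y.z prefix replaced by the documentation range 203.0.113.0/24 (an assumption made for the example).

```python
import ipaddress
import re

# Constructed sample modelled on the ifconfig(8) output quoted in the thread.
# The redacted x.y.z prefix is replaced with the documentation range 203.0.113.0/24
# (an assumption for this example; the real prefix is not given on the page).
SAMPLE_IFCONFIG = """\
igb1: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0d:b9:5f:0f:31
bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0d:b9:5f:0f:31
        inet 203.0.113.0 netmask 0xffffffe0 broadcast 203.0.113.31
        inet 203.0.113.10 netmask 0xffffffe0 broadcast 203.0.113.31 vhid 11
        inet 203.0.113.11 netmask 0xffffffe0 broadcast 203.0.113.31 vhid 11
        groups: bridge
        carp: MASTER vhid 11 advbase 1 advskew 100
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
INET_RE = re.compile(
    r"^\s+inet (\d+\.\d+\.\d+\.\d+) netmask (0x[0-9a-fA-F]{8})"
    r"(?: broadcast \S+)?(?: vhid (\d+))?"
)


def parse_ifconfig(text):
    """Parse FreeBSD-style ifconfig output into {ifname: {...}}.

    Each interface records its IPv4 addresses in the order printed (ifconfig
    prints the primary address first and aliases after it), whether a 'carp:'
    line is present, and the interface groups.
    """
    ifaces = {}
    cur = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            cur = m.group(1)
            ifaces[cur] = {"inet": [], "carp": False, "groups": []}
            continue
        if cur is None:
            continue
        m = INET_RE.match(line)
        if m:
            addr, hexmask, vhid = m.group(1), m.group(2), m.group(3)
            # ifconfig prints the mask in hex; ipaddress wants dotted-quad or a prefix length
            mask = str(ipaddress.IPv4Address(int(hexmask, 16)))
            ifaces[cur]["inet"].append((addr, mask, int(vhid) if vhid else None))
        elif line.strip().startswith("carp:"):
            ifaces[cur]["carp"] = True
        elif line.strip().startswith("groups:"):
            ifaces[cur]["groups"] = line.split(":", 1)[1].split()
    return ifaces


def host_zero_addresses(ifaces):
    """Return findings for addresses whose host bits are all zero.

    /31 and /32 are skipped: there the all-zero host is an ordinary address,
    not the subnet's network address.
    """
    findings = []
    for name, info in ifaces.items():
        for idx, (addr, mask, vhid) in enumerate(info["inet"]):
            net = ipaddress.IPv4Network((addr, mask), strict=False)
            if net.prefixlen >= 31:
                continue
            if ipaddress.IPv4Address(addr) == net.network_address:
                findings.append({
                    "iface": name,
                    "addr": addr,
                    "prefixlen": net.prefixlen,
                    "primary": idx == 0,  # first address listed is the primary one
                    "vhid": vhid,
                    "carp": info["carp"],
                    "bridge": "bridge" in info["groups"],
                })
    return findings


def audit(text):
    """Parse ifconfig output and return the host-zero findings."""
    return host_zero_addresses(parse_ifconfig(text))


if __name__ == "__main__":
    for f in audit(SAMPLE_IFCONFIG):
        role = "primary" if f["primary"] else "alias"
        print(f"{f['iface']}: {f['addr']}/{f['prefixlen']} is the network address "
              f"({role}; carp={f['carp']}, bridge={f['bridge']})")
```

Run it against `ifconfig -a` output piped into `audit()`; on the configuration from the thread it reports the one finding that matters, bridge0's primary address 203.0.113.0/27 on a CARP-enabled bridge. Treating the first listed address as the primary relies on ifconfig's print order, which is the assumption noted in the comment.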