Re: Some strangeness with CARP

From: Harry Schmalzbauer <>
Date: Sun, 13 Feb 2022 10:17:42 UTC
On 12.02.2022 at 12:53, Andrea Venturoli wrote:
> Hello.
> I've set up a network with CARP and I think I'm seeing something strange.
> What follows is a simplified setup (the real one involves lagg and 
> vlan, but this should not matter).
> I have a Zyxel managed switch,
> two "servers":
> - A
> - B
> and two "clients"
> - C
> - D
> Now let's add the "shared" CARP IP (vhid 1) to server A 
> and server B and start sniffing on C and D.
> If C or D talks with A or B using their own IP 
> ( the other client does not see that traffic 
> (as is to be expected on a switched network).
> However if any client talks with the CARP IP ( every node 
> on the LAN can sniff that traffic!
> I tracked this down to the switch not learning the MAC address 
> 00:00:5e:00:01:01 (which is what CARP vhid 1 uses), so every outgoing 
> packet is broadcast to the whole network.
> Is this normal???
> Changing to any other VHID (I tried 2, 4 and 10) does not show the 
> same problem, as 00:00:5e:00:01:xx will show up in the switch MAC 
> database.
> I'm scratching my head trying to find an explanation, but so far I 
> could only think the switch is misbehaving.
> Or am I missing some info and there's a reason for this?

Hi, if the source address of the SYN-ACK reply between [C|D] -> carpIP is 
.3/0:0:5e:00:01:01, I'd blame the switch too (MAC address learning limit 
set for the port(s) in question?!?).
But maybe [A|B] respond with wrong source MAC address, depending on the 
VHID? Probably not possible at all - don't know our stack that deep.  
Worth and easy to check nevertheless.

good hunting,
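The check suggested in this reply (do A and B answer from the CARP IP with the 00:00:5e:00:01:&lt;vhid&gt; source MAC, and which source MACs has the switch actually had the chance to learn) can be scripted over a `tcpdump -e` capture taken on C or D. The following is an added example and not code from either poster; it parses constructed `tcpdump -e` style lines with documentation addresses (192.0.2.0/24 and aa:bb:cc:... MACs, none from the thread) and flags any frame whose IP source is the CARP address but whose Ethernet source is not the virtual MAC for that VHID.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


def carp_mac(vhid: int) -> str:
    """Virtual MAC that CARP uses for a VHID: 00:00:5e:00:01:<vhid>, as in the thread."""
    if not 1 <= vhid <= 255:
        raise ValueError("vhid must be in 1..255")
    return f"00:00:5e:00:01:{vhid:02x}"


# Shape of a `tcpdump -e -nn` TCP line: timestamp, src MAC > dst MAC, ethertype,
# length, src IP.port > dst IP.port, TCP flags. Lines that do not match are skipped.
_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}),"
    r" ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dip>\d+\.\d+\.\d+\.\d+)\.\d+: "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


@dataclass
class Frame:
    ts: str
    smac: str
    dmac: str
    sip: str
    dip: str
    flags: str


def parse_line(line: str) -> Optional[Frame]:
    """Parse one capture line; return None for lines that are not IPv4/TCP frames."""
    m = _LINE.match(line)
    if not m:
        return None
    return Frame(**m.groupdict())


def check_carp_replies(lines: List[str], carp_ip: str, vhid: int) -> List[Tuple[str, str]]:
    """Return (timestamp, source MAC) for every frame sent from carp_ip whose
    Ethernet source is not the CARP virtual MAC for vhid. An empty list means
    the hosts answer correctly and the switch is the remaining suspect."""
    expected = carp_mac(vhid)
    bad = []
    for line in lines:
        f = parse_line(line)
        if f and f.sip == carp_ip and f.smac.lower() != expected:
            bad.append((f.ts, f.smac))
    return bad


def source_macs_seen(lines: List[str]) -> Set[str]:
    """Every Ethernet source MAC in the capture: each one is an address the switch
    saw on some port and should therefore have in its MAC table."""
    return {f.smac for f in map(parse_line, lines) if f}


# Constructed sample capture (not from the thread): client .12 opens a connection
# to CARP IP .3 (vhid 1). The first reply carries the CARP MAC; the last line is a
# reply sourced from the server's physical MAC instead, which the check should flag.
SAMPLE = """\
10:17:42.000101 aa:bb:cc:00:00:0c > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 74: 192.0.2.12.50001 > 192.0.2.3.22: Flags [S], seq 1, win 65535, length 0
10:17:42.000232 00:00:5e:00:01:01 > aa:bb:cc:00:00:0c, ethertype IPv4 (0x0800), length 74: 192.0.2.3.22 > 192.0.2.12.50001: Flags [S.], seq 2, ack 2, win 65535, length 0
10:17:42.000350 aa:bb:cc:00:00:0c > 00:00:5e:00:01:01, ethertype IPv4 (0x0800), length 66: 192.0.2.12.50001 > 192.0.2.3.22: Flags [.], ack 3, win 1024, length 0
10:17:43.000400 aa:bb:cc:00:00:0a > aa:bb:cc:00:00:0c, ethertype IPv4 (0x0800), length 74: 192.0.2.3.22 > 192.0.2.12.50001: Flags [S.], seq 9, ack 9, win 65535, length 0
"""

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    print("expected CARP MAC for vhid 1:", carp_mac(1))
    print("replies with wrong source MAC:", check_carp_replies(lines, "192.0.2.3", 1))
    print("source MACs the switch should have learned:", sorted(source_macs_seen(lines)))
```

On the real network the input would be `tcpdump -e -nn -i <iface> host <carpIP>` run on C or D. If `check_carp_replies` returns nothing while C still sees traffic destined to the other client, the hosts are sourcing frames correctly and the switch's failure to learn 00:00:5e:00:01:01 (learning limits, or a reserved/filtered address range on that model) is what to investigate; a non-empty result points back at the host stack instead.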