Allowing CARP to use arbitrary OUI prefix and allocating block from FreeBSD's OUI space assignment for that

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Thu May 8 12:08:37 UTC 2014


On 08 May 2014, at 09:50 , Eygene Ryabinkin <rea at freebsd.org> wrote:

> No, we're conflicting with VRRP on the MAC address space.
> 
> And, as I understand, CARP in 10 hadn't changed protocol in any way,
> it just refurbished how CARP instances are configured and attached to
> the interfaces.  Could be wrong here, though.

Yes, that is why the problem remains.

http://svnweb.freebsd.org/base/head/sys/netinet/ip_carp.h?annotate=253087#l86
#define CARP_VERSION            2

vs.

RFC 3768, Virtual Router Redundancy Protocol (VRRP),  5.3.1.  Version

   The version field specifies the VRRP protocol version of this packet.
   This document defines version 2.

*boom*

And the world is moving on ...

RFC 5798, Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6, 5.2.1.  Version

   The version field specifies the VRRP protocol version of this packet.
   This document defines version 3.


So, document CARP as Version 4 and then you have your own version of the protocol and a good reason to change the EUI-48 assignment within the IANA OUI maybe, maybe not.

http://www.iana.org/assignments/ethernet-numbers/ethernet-numbers.xhtml#ethernet-numbers-1

00-01-00 to 00-01-FF	VRRP (Virtual Router Redundancy Protocol)	[RFC5798]
00-02-00 to 00-02-FF	VRRP IPv6 (Virtual Router Redundancy Protocol IPv6)	[RFC5798]



Currently we are on Version 2 and VRRP (3768) is Version 2 and we share the OUI but speak a different language.  *boom*


Currently you are worried that “CARP” != “VRRP” and still uses the same EUI-64.  But that’s a management problem.  Server guys run Solaris and VRRP[1] in the Solaris group, and Linux and VRRP in the Linux Group, or FreeBSD and VRRP (yes people do) in the group that tries to talk to the other two.  If they don’t talk to each other and the networking guys put the servers in the same subnet, they probably conflict.  *boom*  Needless to say that if they don’t tell the networking guys, they conflict with the routers as well *boom*boom*

Two different networking groups do redundancy failover and years later connect their routers;  4 routers run VRRP, same VRID by default.  *boom*

The samples you can find are plenty.

People need to talk.  The fact that your server guys use a non-unique Ethernet address for CARP without first talking to their local authority who’s in charge of the network is nothing you can fix by changing the number.  The fact that multiple deployments on the same subnet might exist is nothing a number change will fix.  I think the RFC uses the word “coordinate”.


The thing you can change is to fix the version number for CARP, document the protocol (so your network guys become more aware of it though they probably won’t anyway);  then you can make sure it doesn’t conflict as far as that is possible; it's just that you cannot always do so (as described above) without talking.  So it’s about minimising the impact, reading your log files, and talking to people.


[1] http://docs.oracle.com/cd/E23824_01/html/821-1453/gkfjq.html#scrolltoc


— 
Bjoern A. Zeeb             "Come on. Learn, goddamn it.", WarGames, 1983
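
Added example (not part of the original message and not FreeBSD code) for the "reading your log files" point: given observed IP protocol 112 advertisements, it maps the source MAC to the router ID using the IANA blocks quoted above, flags version 2 as shared by CARP and VRRP, and counts distinct senders per virtual MAC. The struct, function names and sample values are constructed; it assumes advertisements are sent from the virtual MAC and that CARP puts its version in the high nibble of the first byte, as VRRP does.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct adv {                 /* one observed IP protocol 112 advertisement */
    uint8_t  src_mac[6];     /* Ethernet source, assumed to be the virtual MAC */
    uint8_t  vertype;        /* first payload byte: version << 4 | type */
    uint32_t sender_ip;      /* IPv4 source address */
};

static const struct adv sample[] = {   /* constructed observations, not real traffic */
    { {0x00,0x00,0x5e,0x00,0x01,0x01}, 0x21, 0xc0000202 },  /* ID 1 from 192.0.2.2 */
    { {0x00,0x00,0x5e,0x00,0x01,0x01}, 0x21, 0xc0000203 },  /* ID 1 from 192.0.2.3 */
    { {0x00,0x00,0x5e,0x00,0x01,0x07}, 0x31, 0xc0000207 },  /* ID 7, version 3 */
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

/* ID (0-255) if mac is in 00-00-5E-00-01-XX or 00-00-5E-00-02-XX, else -1. */
int vr_id_from_mac(const uint8_t mac[6])
{
    if (memcmp(mac, "\x00\x00\x5e\x00", 4) != 0 || (mac[4] != 0x01 && mac[4] != 0x02))
        return -1;
    return mac[5];
}

/* Version 2 is claimed by both RFC 3768 VRRP and CARP_VERSION. */
int version_is_ambiguous(uint8_t vertype) { return (vertype >> 4) == 2; }

/* Number of distinct sender IPs seen advertising with the given virtual MAC. */
int senders_for_mac(const struct adv *a, size_t n, const uint8_t mac[6])
{
    uint32_t seen[16];
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        int dup = memcmp(a[i].src_mac, mac, 6) != 0;  /* other MACs are skipped */
        for (int j = 0; j < count; j++)
            dup |= (seen[j] == a[i].sender_ip);
        if (!dup && count < 16)
            seen[count++] = a[i].sender_ip;
    }
    return count;
}

int main(void)
{
    for (size_t i = 0; i < NSAMPLE; i++)
        printf("id=%d ambiguous=%d senders=%d\n", vr_id_from_mac(sample[i].src_mac),
               version_is_ambiguous(sample[i].vertype),
               senders_for_mac(sample, NSAMPLE, sample[i].src_mac));
}
```

Under the assumption that only the current master advertises, more than one steady sender for the same virtual MAC hints that two uncoordinated groups share the ID.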


