
Re: Re: (why can't)/(does) carp work on bridges ?

On Thu, Dec 16 2004 - 20:46, Jason Dixon wrote:
> On Dec 16, 2004, at 10:18 AM, Joel CARNAT wrote:
> >I wanted to do CARPing on interfaces which were part of bridges.
> >According to my readings and testing (it's been 1 week I'm trying to
> >have it working ;), it seems you can't enable carp on an interface that
> >is bridged to some other...
> I believe you can, so long as your interface has an IP assigned to it.  
> An IP is needed, but you will not be routing- don't let it confuse you. 
>  You're still bridging all packets between the external segment and the 
> protected segment.  I haven't tried it myself (yet), so caveat emptor.
I just (re)tested this configuration:
carp0: carpdev bge0
bridge0: add bge0 add bge1
my test is pinging (the carp interface).
it's OK until I "brconfig bridge0 up".
from then, I can see (tcpdump) "echo request" on bge0 and bge1 but nowhere else (and no ack anywhere).
then I "brconfig bridge0 down" and the ping works again.
that's why I'm pretty sure the bug is the bridge (or @least the way I
configured it ;)...
I thought, maybe, setting the bridge confuses carp because packets are
first forwarded from bge0 to bge1 and as carp0 is linked to bge0, it
doesn't work on the packet (yes, I already tried to set carp0 on bge1
and same error occurs).
another "weird" thing (or @least one I don't understand =) is, on the
working config (aka ping carp is OK), I see rq/ack on bge0 and rq only
on carp0. shouldn't I see rq/ack on carp0 too ? maybe the clue ?
> >Is it really true (or did I miss a bit of configuration) ?
> >And, if so, why ? What makes it impossible ?
> Actually, Ryan McBride recently posted a diff to -current to allow CARP 
> interfaces to bind to the physical interface (without IP) using the 
> carpdev keyword.
well, I already had this discussion with him (I think it was either
privately or on [email protected]) ; anyway, I did install the snapshot
(timestamped about Dec 8th) that allows the "carpdev" feature.
so this is OK, I can have carp listen on some IP while the real
interface has no IP (or IP on some different IP range - in my case,
interface has private IP and carp has public).
but even with this patch applied, my carp stops working as soon as I
"ifconfig bridge0 up".
> http://marc.theaimsgroup.com/?l=openbsd-tech&m=110229937028512&w=2
,-- This mail runs ---------.
`------------ NetBSD/i386 --'