CARP and switches
This is somewhat off-topic, but the question has really been nagging me
ever since someone brought it up at NYCBSDCon
(http://www.nycbsdcon.org/index.php?NAV=Speakers) after Jason Dixon's CARP
demo. The demo was really cool, BTW - failover with IPSEC.

The question that was posed was along the lines of "how does a standard
ethernet switch handle carp?". The questioner wasn't too clear and I'm
not sure Jason really knew exactly what the guy was asking. So I'll ask
it here in the hopes of understanding how this works.

You have two OpenBSD boxes plugged into a switch, and the OBSD boxes are
running PF/CARP. Each one has a "real" IP and MAC address, and there is a
"virtual" IP and MAC that your hosts plugged into the same switch use as
their gateway. Basic failover config.

Now during normal operation with both boxes up, how does the switch deal
with seeing the same "virtual" MAC address on two ports? My simple
understanding of a dumb switch is that it builds a list of what MAC
addresses are on what ports and uses that list to determine which ports to
forward traffic to. The design seems to assume that one MAC address can
only exist on one port at a time, correct? How does this jibe with CARP's
"virtual" IP and MAC? Same question for HSRP or VRRP really.

Am I missing something? Does only one box use the "virtual" MAC address

Sorry for posting something so basic, I'm just now getting my feet wet in
the more interesting pf features. I generally have been using ipf on FBSD
as a simple host firewall, so I'm not up to speed on the neat stuff.

Bway.net - New York's Best Internet - www.bway.net
[email protected] - 212.655.9344
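
The learning-switch behaviour asked about above, modelled as an added example that is not part of the original post. It assumes that only the current CARP master sources frames from the virtual MAC, then shows the fault case where both boxes do; the port layout, the host MAC and vhid 1 are constructed for illustration.

```python
# Added illustration: a transparent learning switch with a CARP pair attached.
# All MACs and port numbers are constructed; vhid 1 is assumed.
CARP_VMAC = "00:00:5e:00:01:01"    # CARP virtual MAC, 00:00:5e:00:01:<vhid>
CARP_MCAST = "01:00:5e:00:00:12"   # Ethernet group address for 224.0.0.18
HOST_MAC = "00:11:22:33:44:aa"     # constructed client MAC


class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}   # source MAC -> the one port it was last seen on
        self.moves = []   # (mac, old_port, new_port) each time a MAC changes port

    def receive(self, in_port, src, dst):
        """Learn src on in_port and return the sorted list of egress ports."""
        old = self.table.get(src)
        if old is not None and old != in_port:
            self.moves.append((src, old, in_port))
        self.table[src] = in_port
        is_group = int(dst.split(":")[0], 16) & 1   # multicast or broadcast
        if is_group or dst not in self.table:
            return sorted(self.ports - {in_port})   # flood
        out = self.table[dst]
        return [] if out == in_port else [out]


def failover():
    """fw1 (port 1) is master, then fails; fw2 (port 2) takes over."""
    sw = LearningSwitch([1, 2, 3])                       # host on port 3
    out = [sw.receive(1, CARP_VMAC, CARP_MCAST),         # master advertises
           sw.receive(3, HOST_MAC, CARP_VMAC),           # host -> gateway
           sw.receive(2, CARP_VMAC, CARP_MCAST),         # new master advertises
           sw.receive(3, HOST_MAC, CARP_VMAC)]           # host -> gateway again
    return sw, out


def dual_master(rounds=3):
    """Fault case: both boxes source frames from the virtual MAC."""
    sw = LearningSwitch([1, 2, 3])
    for _ in range(rounds):
        sw.receive(1, CARP_VMAC, CARP_MCAST)
        sw.receive(2, CARP_VMAC, CARP_MCAST)
    return sw


if __name__ == "__main__":
    sw, out = failover()
    print(out, sw.moves)
    print(len(dual_master().moves), "port moves while both advertise")
```

A single port move for the virtual MAC marks a normal failover; a MAC that keeps moving between two ports is what switch logs report as MAC flapping and is worth alerting on.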