VRRP and the kernel

Alexandre Cassen Alexandre.Cassen at wanadoo.fr
Fri Nov 23 20:55:49 GMT 2001 

Hello,

> > >I see big problems for setups where the VRRP routers have
> > >two or more devices attached to same hub. When the normal hosts
> > >try to resolve the VIP via ARP they will receive many ARP replies
> > >from the current MASTER.
> >
> > => Yes the same MASTER.
>
>         After reading your next words it seems the hosts will
>receive only one ARP reply, from the device where the MASTER is bound.

Yes we are sync :)

> > >The question is: are these replies equal, i.e. containing same src MAC?
> >
> > Yes : A MASTER mean a VRRP Instance in MASTER state, which mean VRRP VIPs
> > owned on the LVS director where VRRP Instance are in MASTER state. We know
> > that VRRP Instance state are uniq and identified by a uniq VRID on the
> > whole VRRP topology.
>
>         IMO, there is also another question: why we restrict packets
>to VIP to come only through once device (switch port)? Of course,
>this is not true for all network stacks but Linux can do it: one
>subnet reachable through many devices (at least the packets can
>be received through many devices) but there is a way to send through
>many devices. Anyways.

Interresting....

> > >    But then the required behavior is to reply with 3 different
> > >MACs if we have 3 NICs?
> >
> > => hmmm, is to reply with VMAC associated with a specific VIP. A specific
> > VIP belong to the VRID in MASTER state owning this VIP. And only on VRID is
> > active at a time. Agreed ?
>
>         May be I don't fully understand the VRRP terms and internals
>but as your hands are durty with VRRP

:)

>, do you see any variant to
>allow we to reply for one VIP through many devices with different
>VMAC (of course, the VRRP protocol may be will use only one device
>but for me, this is also questionable).

I agree with you... but it can be a starting point ?

> > Physical topology is :
> >
> >              WAN SIDE
> >                 |
> >     +-----------------------+
> >     |      SWITCH/HUB       |
> >     +-----------------------+
> >       |                   |
> >       | eth0              | eth0
> >      +-----+           +-----+
> >      | LD1 |           | LD2 |
> >      +-----+           +-----+
> >       | eth1              | eth1
> >     +-----------------------+
> >     |      SWITCH/HUB       |
> >     +-----------------------+
> >                  |
> >                LAN SIDE
>
>         This explains everything :))) Only one ARP reply per request.

Yes I think this is a very very simple/common setup, it can be a good 
starting point.

But you are more advanced than I in MAC handling inside kernel so no matter 
for me if you say that it is too restrictive.

Best regards,
Alexandre

More information about the lvs-users mailing list