On Thu, Nov 03, 2005 at 06:11:20PM -0500, Jon Hart wrote:
> 1) used to determine that a particular carp packet is intended for
> your carp host?

carp(4) does a number of validity checks before treating the packet as a
real carp packet:

- was the device received on an interface that has a carp device on it?
- is the ttl 255 (prevents routed carp packets from being accepted)
- packet length
- crc32 checksum
- VHID
- Is the carp interface UP and RUNNING?
- version
- SHA-1 HMAC

> 2) given that a carp host knows that a particular carp packet is one
> that it cares about, how does it verify that all of the parameters
> contained within are legit?

It checks the HMAC, which contains the password, version, counter, type,
and the addresses.

[snip]

> If the answer to all this is to just ensure that if I ever have more
> than one carp pair on the same network to ensure that I have different
> vhids,

Yes, you MUST use a different vhid for different carp clusters on the
same link-local network; the MAC address for the carp interface is
generated from the vhid, and if you don't keep this unique your switch
will likely get confused.

> does anyone have a vhid numbering scheme that they've found workable?
> I had been using interface number +1 (so the carp for em0 would be
> vhid 1, etc).

In many situations, I use the last octet of the first virtual IP address.
(If your virtual IP is 192.168.0.23, use 23 as your vhid.)
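
Added example, not part of the original message: a small planner that applies the last-octet numbering scheme described above and flags clusters that would end up with the same vhid, and therefore the same virtual MAC, on one link. The inventory, link names and function names are constructed for illustration; the 00:00:5e:00:01:<vhid> MAC layout and the 1-255 vhid range are carp's IPv4 behaviour and are not stated in the message itself.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory: (link segment, cluster name, first virtual IP).
CLUSTERS = [
    ("dmz", "web", "192.168.0.23"),
    ("dmz", "mail", "192.168.0.24"),
    ("dmz", "vpn", "10.0.0.23"),      # same last octet as "web", same link
    ("lan", "files", "10.1.0.23"),    # same octet, but a different link: fine
    ("lan", "net", "10.1.0.0"),       # last octet 0 is not a usable vhid
]

def vhid_from_vip(vip):
    """Numbering scheme from the post: vhid = last octet of the first virtual IP."""
    octet = ipaddress.IPv4Address(vip).packed[-1]
    if not 1 <= octet <= 255:         # carp vhids range from 1 to 255
        raise ValueError(f"{vip}: last octet {octet} is not a valid vhid")
    return octet

def carp_mac(vhid):
    """Virtual MAC that carp derives from the vhid (00:00:5e:00:01:<vhid>)."""
    return f"00:00:5e:00:01:{vhid:02x}"

def plan(clusters):
    """Return (assignments, problems) for an inventory of carp clusters."""
    assignments, problems = {}, []
    seen = defaultdict(dict)          # link -> {vhid: cluster name}
    for link, name, vip in clusters:
        try:
            vhid = vhid_from_vip(vip)
        except ValueError as exc:
            problems.append(f"{link}/{name}: {exc}")
            continue
        if vhid in seen[link]:
            problems.append(f"{link}/{name}: vhid {vhid} ({carp_mac(vhid)}) "
                            f"already used by {seen[link][vhid]}")
            continue
        seen[link][vhid] = name
        assignments[(link, name)] = (vhid, carp_mac(vhid))
    return assignments, problems

if __name__ == "__main__":
    ok, bad = plan(CLUSTERS)
    for (link, name), (vhid, mac) in ok.items():
        print(f"{link:4} {name:6} vhid {vhid:3} lladdr {mac}")
    for line in bad:
        print("CONFLICT:", line)
```

The scheme breaks down when two subnets sharing a link have virtual IPs with the same last octet, which is the "vpn" case in the sample data; those clusters need a manually chosen vhid.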