Re: [ClusterLabs] IPaddr2 RA and multicast mac

2019-09-04 Thread Michael Schwartzkopff
On 04.09.19 at 00:27, Tomer Azran wrote:
> Hello,
>
> When using IPaddr2 RA in order to set a cloned IP address resource:
>
> pcs resource create vip1 ocf:heartbeat:IPaddr2 ip=10.0.0.100 iflabel=vip1 
> cidr_netmask=24 flush_routes=true op monitor interval=30s
> pcs resource clone vip1 clone-max=2 clone-node-max=2 globally-unique=true
>
> Then the cluster sets the iptables CLUSTERIP module, and the result is 
> something like this:
>
> # iptables -L -n
> .
> .
> .
> CLUSTERIP  all  --  0.0.0.0/0  10.0.0.100 CLUSTERIP 
> hashmode=sourceip-sourceport clustermac=A1:DE:DE:89:A6:FE total_nodes=2 
> local_node=1 hash_init=0
> .
> .
> .
>
> The problem is that the RA picks a clustermac address which is not in the 
> multicast range (must start with 01:00:5E).
> If not working with a multicast address, the traffic is being treated as 
> broadcast, which is bad.
>
> I found that you can set a multicast mac if you use the "mac" parameter, 
> which solves the issue.
>
> Can the RA default be changed to use multicast range?
> In addition, I think that you might need to update the documentation 
> (https://clusterlabs.org/pacemaker/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_clone_the_ip_address.html)
>  and instruct users to use the mac parameter when creating the resource. In 
> addition, I think that the documentation should instruct the user to enable 
> multicast traffic on the network, which is not enabled by default.
>
> Tomer Azran


Hi,


In Layer 2 frames the least important bit of the most important byte
decides if it is multicast / broadcast or unicast. A "0" tells the switch
it is unicast and a "1" indicates a multicast address.

Depending on the switch vendor, the switch either does or does not learn
the multicast MAC address for the interface where it sees such a packet
coming in.


An IEEE document explicitly says that a router SHOULD NOT learn multicast
MAC addresses for unicast IP addresses. Cisco is the only vendor that
sticks to that standard. On Cisco devices you have to add the MAC
manually. All other vendors just learn the MAC address.



Kind regards,

-- 

[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
 
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the Supervisory Board: Florian Kirstein




Re: [ClusterLabs] IPaddr2 RA and multicast mac

2019-09-03 Thread Andrei Borzenkov
04.09.2019 1:27, Tomer Azran wrote:
> Hello,
> 
> When using IPaddr2 RA in order to set a cloned IP address resource:
> 
> pcs resource create vip1 ocf:heartbeat:IPaddr2 ip=10.0.0.100 iflabel=vip1 
> cidr_netmask=24 flush_routes=true op monitor interval=30s
> pcs resource clone vip1 clone-max=2 clone-node-max=2 globally-unique=true
> 
> Then the cluster sets the iptables CLUSTERIP module, and the result is 
> something like this:
> 
> # iptables -L -n
> .
> .
> .
> CLUSTERIP  all  --  0.0.0.0/0  10.0.0.100 CLUSTERIP 
> hashmode=sourceip-sourceport clustermac=A1:DE:DE:89:A6:FE total_nodes=2 
> local_node=1 hash_init=0
> .
> .
> .
> 
> The problem is that the RA picks a clustermac address which is not in the 
> multicast range (must start with 01:00:5E).

You are mistaken. 01:00:5E range is reserved for multicast IPv4
addresses (224.0.0.0/4). In your example you use address 10.0.0.100
which is clearly not multicast so using MAC in this range would be
misleading.

> If not working with a multicast address, the traffic is being treated as 
> broadcast which is bad.
> 

Well, by definition a switch floods Ethernet frames with the multicast bit
set to every station. Switches may limit this based on some protocol
snooping or similar; in particular, switches may learn IPv4 multicast
MACs on ingress frames and build a corresponding forwarding table. But
this is switch-dependent.

Out of curiosity, what switch do you use?

> I found that you can set a multicast mac if you use the "mac" parameter, 
> which solves the issue.
> 

What exactly does "solves" mean in this case?

> Can the RA default be changed to use multicast range?

No, see above.

> In addition, I think that you might need to update the documentation 
> (https://clusterlabs.org/pacemaker/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_clone_the_ip_address.html)
>  and instruct users to use the mac parameter when creating the resource. In 
> addition, I think that the documentation should instruct the user to enable 
> multicast traffic on the network, which is not enabled by default.

What exactly do you mean here? It sounds like you talk about IPv4
multicast, but you do not use it in your example either, so why would you
want to enable it? And what exactly does "enable multicast" mean?

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/
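
The two replies above turn on two separate properties of a MAC address: the group (multicast) bit in the first octet, and membership in the 01:00:5E block reserved for IPv4 multicast (224.0.0.0/4). The following is an added example, not code from any poster or from the IPaddr2 agent, that checks both for the clustermac from the thread; the function names are hypothetical and the sample rule line is constructed from the output quoted above.

```python
import ipaddress
import re

IPV4_MCAST_OUI = bytes.fromhex("01005e")  # block reserved for IPv4 multicast frames

def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' (':' or '-' separated) into 6 bytes."""
    parts = re.split(r"[:-]", text.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def classify_mac(text):
    """Report the Layer 2 properties discussed in the thread."""
    mac = parse_mac(text)
    return {
        # I/G bit: least significant bit of the first octet, 1 = group address
        "group": bool(mac[0] & 0x01),
        # U/L bit: second least significant bit, 1 = locally administered
        "locally_administered": bool(mac[0] & 0x02),
        "broadcast": mac == b"\xff" * 6,
        # 01:00:5E:00:00:00 - 01:00:5E:7F:FF:FF only
        "ipv4_multicast_range": mac[:3] == IPV4_MCAST_OUI and mac[3] < 0x80,
    }

def ipv4_multicast_mac(ip):
    """Map an IPv4 group address to its 01:00:5E MAC (low 23 bits of the IP)."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not in 224.0.0.0/4")
    mac = IPV4_MCAST_OUI + (int(addr) & 0x7FFFFF).to_bytes(3, "big")
    return ":".join(f"{b:02x}" for b in mac)

def clustermacs(iptables_output):
    """Extract clustermac= values from 'iptables -L -n' text."""
    pattern = r"clustermac=((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    return re.findall(pattern, iptables_output)

# Constructed sample: the CLUSTERIP rule from the thread, joined onto one line.
SAMPLE_RULE = (
    "CLUSTERIP  all  --  0.0.0.0/0  10.0.0.100  CLUSTERIP "
    "hashmode=sourceip-sourceport clustermac=A1:DE:DE:89:A6:FE "
    "total_nodes=2 local_node=1 hash_init=0"
)

if __name__ == "__main__":
    for mac in clustermacs(SAMPLE_RULE):
        print(mac, classify_mac(mac))
```

For the clustermac in the thread, the group bit is already set while the address lies outside the 01:00:5E block, and `ipv4_multicast_mac("10.0.0.100")` raises because 10.0.0.100 is a unicast address.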

[ClusterLabs] IPaddr2 RA and multicast mac

2019-09-03 Thread Tomer Azran
Hello,

When using IPaddr2 RA in order to set a cloned IP address resource:

pcs resource create vip1 ocf:heartbeat:IPaddr2 ip=10.0.0.100 iflabel=vip1 
cidr_netmask=24 flush_routes=true op monitor interval=30s
pcs resource clone vip1 clone-max=2 clone-node-max=2 globally-unique=true

Then the cluster sets the iptables CLUSTERIP module, and the result is something 
like this:

# iptables -L -n
.
.
.
CLUSTERIP  all  --  0.0.0.0/0  10.0.0.100 CLUSTERIP 
hashmode=sourceip-sourceport clustermac=A1:DE:DE:89:A6:FE total_nodes=2 
local_node=1 hash_init=0
.
.
.

The problem is that the RA picks a clustermac address which is not in the 
multicast range (must start with 01:00:5E).
If not working with a multicast address, the traffic is being treated as 
broadcast, which is bad.

I found that you can set a multicast mac if you use the "mac" parameter, which 
solves the issue.

Can the RA default be changed to use multicast range?
In addition, I think that you might need to update the documentation 
(https://clusterlabs.org/pacemaker/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_clone_the_ip_address.html)
 and instruct users to use the mac parameter when creating the resource. In 
addition, I think that the documentation should instruct the user to enable 
multicast traffic on the network, which is not enabled by default.

Tomer Azran
IDM & LINUX Professional Services

tomer.az...@edp.co.il
m: +972-52-6389961
t: +972-3-6438222
f: +972-3-6438004

www.edp.co.il
