Hello everyone,

I used Google to search the mail list archive, but didn't get any results for my issue. This is my second day working on the problem and my colleagues don't have any suggestions. This post is a little long, but I hope thorough enough to give all relevant information.

Here is my setup:

    vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3
    vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2
    laptop01 - eth0:192.168.10.11

Laptop01 is connected to a switch, which also has cables from eth1 on both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and vyatta02 is connected into the main 192.168.2.0/24 network which has internet connectivity.

With a base configuration of a default route to 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned to their respective network cards, I can ping 192.168.10.2 and 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01, and I can ping 192.168.10.3 from vyatta02. Basically, everything can ping everything.

I then proceed to set up VRRP between vyatta01 and vyatta02 with the following config:

--Vyatta02--
    set interfaces ethernet eth1 vrrp vrrp-group 10
    set interfaces ethernet eth1 vrrp virtual-address 192.168.10.1
    set interfaces ethernet eth1 vrrp preempt true
    set interfaces ethernet eth1 vrrp priority 150
    commit

--Vyatta01--
    set interfaces ethernet eth1 vrrp vrrp-group 10
    set interfaces ethernet eth1 vrrp virtual-address 192.168.10.1
    set interfaces ethernet eth1 vrrp preempt true
    set interfaces ethernet eth1 vrrp priority 20
    commit

So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as expected, I see in the output of "show vrrp" that vyatta02 considers itself the master, and vyatta01 sees itself as the backup. In a tcpdump from laptop01 I can see the VRRPv2 advertisements from vyatta02 every second.

At this time from laptop01 I am unable to ping 192.168.10.1 or 192.168.10.2, but I can ping 192.168.10.3. The ARP table on laptop01 shows the following:

    # arp -n
    Address         HWtype  HWaddress           Flags Mask  Iface
    192.168.10.3    ether   00:1A:A0:2A:04:0A   C           eth0
    192.168.10.1    ether   00:00:5E:00:01:0A   C           eth0
    192.168.10.2    ether   00:00:5E:00:01:0A   C           eth0

From vyatta01, I am also unable to ping 192.168.10.1 and 192.168.10.2.

What is causing me great confusion is if on vyatta02 I log in as root and execute a "tcpdump -i eth1", instantly my pings from laptop01 and vyatta01 to both 192.168.10.1 and 192.168.10.2 start getting responses. As soon as I ctrl-c the tcpdump on vyatta02, the ping responses stop again.

If I reconfigure the VRRP priority of vyatta02 to be lower than vyatta01, they change over to vyatta01 being the master, and vyatta02 as the backup. At this time from laptop01 I am able to ping 192.168.10.1, 192.168.10.2 and 192.168.10.3. In a tcpdump on laptop01 I see the VRRP advertisements coming from 192.168.10.3 as expected. The ARP table on laptop01 now looks like this:

    # arp -n
    Address         HWtype  HWaddress           Flags Mask  Iface
    192.168.10.3    ether   00:00:5E:00:01:0A   C           eth0
    192.168.10.1    ether   00:00:5E:00:01:0A   C           eth0
    192.168.10.2    ether   00:14:6C:70:50:6B   C           eth0

All systems can ping each other's 192.168.10.x IPs at this time.

In summary, I don't understand why when vyatta02 is master in the VRRP group both its IP 192.168.10.2 and the VIP 192.168.10.1 it is holding become unresponsive to pings. Then when a "tcpdump -i eth1" is run on vyatta02 both of the previously unresponsive IPs start responding to pings, then when the tcpdump is killed, the ping responses stop again.

In a tcpdump from laptop01 while pinging 192.168.10.1 while vyatta02 is master and a tcpdump is not running, I can see the ARP request and reply, then ICMP echo requests being sent, but no responses.

    15:24:38.645141 arp who-has 192.168.10.1 tell 192.168.10.11
    15:24:38.645304 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0a
    15:24:38.645327 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 1, length 64
    15:24:39.644156 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 2, length 64
    15:24:40.644125 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 3, length 64
    15:24:41.644104 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 4, length 64
    15:24:42.644064 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 5, length 64
    15:24:43.644038 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 6, length 64

Then if I start the "tcpdump -i eth1" on vyatta02 and start pinging 192.168.10.1 from laptop01, it gets responses to the ICMP echo requests.

    15:27:06.332838 arp who-has 192.168.10.1 tell 192.168.10.11
    15:27:06.332983 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0a
    15:27:06.333001 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 45946, seq 1, length 64
    15:27:06.333181 IP 192.168.10.1 > 192.168.10.11: ICMP echo reply, id 45946, seq 1, length 64
    15:27:07.331867 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 45946, seq 2, length 64
    15:27:07.332146 IP 192.168.10.1 > 192.168.10.11: ICMP echo reply, id 45946, seq 2, length 64

I have pasted the configurations of both vyatta01 and vyatta02 here: http://pastebin.com/f3f7bae41

I would love to hear back any suggestions anyone has about what the problem is and how I can get vyatta02 to respond normally to pings when it is the master, just like how vyatta01 responds when it is the master.

Thanks for your time,

Daniel

--
Daniel Stickney - Linux Systems Administrator

_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users