Ah, yes - you can't actually change the MAC on some hardware, so you end
up in this confused state and only see packets destined for the interface in
promiscuous mode (hence the suggestion to disable the virtual MAC . . .)

Justin

On Dec 13, 2007 12:29 PM, Allan Leinwand <[EMAIL PROTECTED]> wrote:
> A thought here that may help cut through some of the confusion.  I think
> that when you run tcpdump on the interface it places that interface into
> promiscuous mode. When in this mode, it can respond to pings to both the
> real IP address on the Ethernet and the virtual IP address (all packets are
> being received by the interface so when it sees one for its own IP
> addresses, it responds). However, when the interface is running VRRP and in
> non-promiscuous mode I am unsure if the real IP and the virtual IP both
> respond to pings.
>
> Final caveat: I have not tried any of this recently, so with my advice YMMV.
>
> Thanks,
>
> allan
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]  On Behalf Of Stig
> Thormodsrud
> Sent: Thursday, December 13, 2007 12:23 PM
> To: 'Daniel Stickney'; vyatta-users@mailman.vyatta.com; 'Daniel Stickney';
> vyatta-users@mailman.vyatta.com
>
> Subject: Re: [Vyatta-users] VRRP Confusion
>
> I wonder if this might be solved with the disable-vmac setting?
>
> stig
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:vyatta-users-
> > [EMAIL PROTECTED] On Behalf Of Daniel Stickney
> > Sent: Wednesday, December 12, 2007 2:47 PM
> > To: vyatta-users@mailman.vyatta.com
> > Subject: [Vyatta-users] VRRP Confusion
> >
> > Hello everyone,
> >
> > I used google to search the mail list archive, but didn't get any
> > results for my issue. This is my second day working on the problem and
> > my colleagues don't have any suggestions. This post is a little long,
> > but I hope thorough enough to give all relevant information.
> > Here is my setup:
> >  vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3
> >  vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2
> >  laptop01 - eth0:192.168.10.11
> >
> > Laptop01 is connected to a switch, which also has cables from eth1 on
> > both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and
> > vyatta02 are connected into the main 192.168.2.0/24 network which has
> > internet connectivity. With a base configuration of a default route to
> > 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned
> > to their respective network cards, I can ping 192.168.10.2 and
> > 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01,
> > and I can ping 192.168.10.3 from vyatta02. Basically, everything can
> > ping everything.
> >
> > I then proceed to set up VRRP between vyatta01 and vyatta02 with the
> > following config:
> > --Vyatta02--
> > set interfaces ethernet eth1 vrrp vrrp-group 10
> > set interfaces ethernet eth1 vrrp virtual-address 192.168.10.1
> > set interfaces ethernet eth1 vrrp preempt true
> > set interfaces ethernet eth1 vrrp priority 150
> > commit
> > --Vyatta01--
> > set interfaces ethernet eth1 vrrp vrrp-group 10
> > set interfaces ethernet eth1 vrrp virtual-address 192.168.10.1
> > set interfaces ethernet eth1 vrrp preempt true
> > set interfaces ethernet eth1 vrrp priority 20
> > commit
> >
> > So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as
> > expected, I see in the output of "show vrrp" that vyatta02 considers
> > itself the master, and vyatta01 sees itself as the backup. In a
> > tcpdump from laptop01 I can see the VRRPv2 advertisements from
> > vyatta02 every second. At this time from laptop01 I am unable to ping
> > 192.168.10.1 or 192.168.10.2, but I can ping 192.168.10.3. The arp
> > table on laptop01 shows the following:
> > # arp -n
> > Address                  HWtype  HWaddress           Flags Mask            Iface
> > 192.168.10.3             ether   00:1A:A0:2A:04:0A   C                     eth0
> > 192.168.10.1             ether   00:00:5E:00:01:0A   C                     eth0
> > 192.168.10.2             ether   00:00:5E:00:01:0A   C                     eth0
> >
> >  From vyatta01, I am also unable to ping 192.168.10.1 and 192.168.10.2.
> > What is causing me great confusion is if on vyatta02 I log in as root
> > and execute a "tcpdump -i eth1", instantly my pings from laptop01 and
> > vyatta01 to both 192.168.10.1 and 192.168.10.2 start getting responses.
> > As soon as I ctrl-c the tcpdump on vyatta02, the ping responses stop
> > again.
> >
> > If I reconfigure the VRRP priority of vyatta02 to be lower than
> > vyatta01, they change over to vyatta01 being the master, and vyatta02
> > as the backup. At this time from laptop01 I am able to ping
> > 192.168.10.1,
> > 192.168.10.2 and 192.168.10.3. In a tcpdump on laptop01 I see the VRRP
> > advertisements coming from 192.168.10.3 as expected. The arp table on
> > laptop01 now looks like this:
> > # arp -n
> > Address                  HWtype  HWaddress           Flags Mask            Iface
> > 192.168.10.3             ether   00:00:5E:00:01:0A   C                     eth0
> > 192.168.10.1             ether   00:00:5E:00:01:0A   C                     eth0
> > 192.168.10.2             ether   00:14:6C:70:50:6B   C                     eth0
> >
> > All systems can ping each other's 192.168.10.x IPs at this time.
> >
> > In summary, I don't understand why when vyatta02 is master in the VRRP
> > group both its IP 192.168.10.2 and the VIP 192.168.10.1 it is holding
> > become unresponsive to pings. Then when a "tcpdump -i eth1" is run on
> > vyatta02 both of the previously unresponsive IPs start responding to
> > pings, then when the tcpdump is killed, the ping responses stop again.
> > In a tcpdump from laptop01 while pinging 192.168.10.1 while vyatta02
> > is master and a tcpdump is not running, I can see the arp request and
> > reply, then icmp echo requests being sent, but no responses.
> >
> > 15:24:38.645141 arp who-has 192.168.10.1 tell 192.168.10.11
> > 15:24:38.645304 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0a
> > 15:24:38.645327 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 1, length 64
> > 15:24:39.644156 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 2, length 64
> > 15:24:40.644125 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 3, length 64
> > 15:24:41.644104 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 4, length 64
> > 15:24:42.644064 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 5, length 64
> > 15:24:43.644038 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 6, length 64
> >
> > Then if I start the "tcpdump -i eth1" on vyatta02 and start pinging
> > 192.168.10.1 from laptop01, it gets responses to the icmp echo requests.
> >
> > 15:27:06.332838 arp who-has 192.168.10.1 tell 192.168.10.11
> > 15:27:06.332983 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0a
> > 15:27:06.333001 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 45946, seq 1, length 64
> > 15:27:06.333181 IP 192.168.10.1 > 192.168.10.11: ICMP echo reply, id 45946, seq 1, length 64
> > 15:27:07.331867 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 45946, seq 2, length 64
> > 15:27:07.332146 IP 192.168.10.1 > 192.168.10.11: ICMP echo reply, id 45946, seq 2, length 64
> >
> > I have pasted the configurations of both vyatta01 and vyatta02 here:
> > http://pastebin.com/f3f7bae41
> >
> > I would love to hear back any suggestions anyone has about what the
> > problem is and how I can get vyatta02 to respond normally to pings when
> > it is the master, just like how vyatta01 responds when it is the master.
> >
> > Thanks for your time,
> > Daniel
> >
> > --
> > Daniel Stickney - Linux Systems Administrator
> >
> > _______________________________________________
> > Vyatta-users mailing list
> > Vyatta-users@mailman.vyatta.com
> > http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>
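Added example, not part of the original thread: a shell check for the symptom visible in the quoted `arp -n` output, where both the VIP and the master's own address resolve to the VRRP virtual MAC. The function names are hypothetical, the sample rows are copied from the thread's first ARP table, and the `00:00:5E:00:01:{VRID}` layout is the standard IPv4 VRRP virtual MAC.

```shell
#!/bin/sh
# Sample input: the `arp -n` rows seen on laptop01 while vyatta02 was master
# (copied from the thread, wrapped columns rejoined).
sample_arp() {
cat <<'EOF'
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.10.3             ether   00:1A:A0:2A:04:0A   C                     eth0
192.168.10.1             ether   00:00:5E:00:01:0A   C                     eth0
192.168.10.2             ether   00:00:5E:00:01:0A   C                     eth0
EOF
}

# vrrp_vrid MAC
# Prints the decimal VRID when MAC is an IPv4 VRRP virtual MAC
# (00:00:5e:00:01:XX, XX = VRID in hex); returns 1 for any other MAC.
vrrp_vrid() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$mac" in
        00:00:5e:00:01:[0-9a-f][0-9a-f]) echo $((0x${mac##*:})) ;;
        *) return 1 ;;
    esac
}

# vmac_report
# Reads `arp -n` output on stdin and prints "IP vrid=N" for every neighbour
# that answered ARP with a VRRP virtual MAC. The header row and incomplete
# entries are skipped because their second column is not "ether".
vmac_report() {
    while read -r ip hwtype hwaddr _rest; do
        [ "$hwtype" = "ether" ] || continue
        vrid=$(vrrp_vrid "$hwaddr") || continue
        echo "$ip vrid=$vrid"
    done
}

# More than one IP listed for the same VRID means an interface's real address
# is being advertised on the virtual MAC as well as the VIP. If the NIC only
# accepts frames for that MAC while promiscuous, both addresses go silent.
sample_arp | vmac_report
```

On a live host, pipe the real table in instead: `arp -n | vmac_report`. VRID 10 here matches `vrrp-group 10` in the quoted configuration.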