Hi Daniel, I don't think the disable-vmac option was in vc3, but you can look at the change here:
http://suva/git/?p=xorp.git;a=commit;h=0b3e4418e0ae961d902cc40209035f1b5ea a7adf Basically you can edit vrrpd.init and add a "-n" parameter to vrrpd to enable non-rfc compliance mode (i.e. no vmac). stig > Thank you both Stig and Allan for your input. How might I disable the > vmac setting? I found a file called /opt/vyatta/sbin/vrrpd.init, but no > mention of the string vmac in all of /opt. An interesting point is that > the failure to respond to pings except when tcpdump is running only > occurs on vyatta02. When vyatta01 is master, it responds to pings on > 192.168.10.1(VIP) and 192.168.10.3(eth1). When vyatta02 is master, > neither the VIP it holds nor 192.168.10.2(eth1) respond to pings. > > I tried two other tests without success. I swapped out the switch they > are all plugged into for the 192.168.10.0 network, and I also swapped > the 10.2 IP to vyatta01 and the 10.3 IP to vyatta02, but that also made > no difference. I have placed them back to their configuration as > documented in my original email. > > Thanks for your time, > -Daniel > > Allan Leinwand wrote: > > A thought here that may help cut through some of the confusion. I think > > that when you run tcpdump on the interface it places that interface into > > promiscuous mode. When in this mode, it can respond to pings to both the > > real IP address on the Ethernet and the virtual IP address (all packets > are > > being received by the interface so when it sees one for it's own IP > > addresses, it responds). However, when the interface is running VRRP and > in > > non-promiscuous mode I am unsure if the real IP and the virtual IP both > > respond to pings. > > > > Final caveat: I have not tried any of this recently, so with my advice > YMMV. > > > > Thanks, > > > > allan > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Stig > > Thormodsrud > > Sent: Thursday, December 13, 2007 12:23 PM > > To: 'Daniel Stickney'; vyatta-users@mailman.vyatta.com; 'Daniel > Stickney'; > > vyatta-users@mailman.vyatta.com > > Subject: Re: [Vyatta-users] VRRP Confusion > > > > I wonder if this might be solved with the disable-vmac setting? > > > > stig > > > > > >> -----Original Message----- > >> From: [EMAIL PROTECTED] [mailto:vyatta-users- > >> [EMAIL PROTECTED] On Behalf Of Daniel Stickney > >> Sent: Wednesday, December 12, 2007 2:47 PM > >> To: vyatta-users@mailman.vyatta.com > >> Subject: [Vyatta-users] VRRP Confusion > >> > >> Hello everyone, > >> > >> I used google to search the mail list archive, but didn't get any > >> results for my issue. This is my second day working on the problem and > >> my colleagues don't have any suggestions. This post is a little long, > >> but I hope thorough enough to give all relevant information. > >> Here is my setup: > >> vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3 > >> vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2 > >> laptop01 - eth0:192.168.10.11 > >> > >> Laptop01 is connected to a switch, which also has cables from eth1 on > >> both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and > >> vyatta02 are connected into the main 192.168.2.0/24 network which has > >> internet connectivity. With a base configuration of a default route to > >> 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned > >> to their respective network cards, I can ping 192.168.10.2 and > >> 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01, > >> and I can ping 192.168.10.3 from vyatta02. Basically, everything can > >> ping everything. > >> > >> I then proceed to setup VRRP between vyatta01 and vyatta02 with the > >> following config: > >> --Vyatta02-- > >> set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces > >> ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces > >> ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp > >> priority 150 commit > >> --Vyatta01-- > >> set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces > >> ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces > >> ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp > >> priority 20 commit > >> > >> So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as > >> expected, I see in the output of "show vrrp" that vyatta02 considers > >> itself the master, and vyatta01 sees itself as the backup. In a > >> tcpdump from laptop01 I can see the VRRPv2 advertisements from > >> vyatta02 every second. At this time from laptop01 I am unable to ping > >> 192.168.10.1 or 192.168.10.2, but I can ping 192.168.10.3. The arp > >> table on laptop01 shows the following: > >> # arp -n > >> Address HWtype HWaddress Flags > >> Mask Iface > >> 192.168.10.3 ether 00:1A:A0:2A:04:0A > >> C eth0 > >> 192.168.10.1 ether 00:00:5E:00:01:0A > >> C eth0 > >> 192.168.10.2 ether 00:00:5E:00:01:0A > >> C eth0 > >> > >> From vyatta01, I am also unable to ping 192.168.10.1 and 192.168.10.2. > >> What is causing me great confusion is if on vyatta02 I login as root > >> and execute a "tcpdump -i eth1", instantly my pings from laptop01 and > >> vyatta01 to both 192.168.10.1 and 192.168.10.2 start getting responses. > >> As soon as I ctrl-c the tcpdump on vyatta02, the ping responses stop > >> again. > >> > >> If I reconfigure the VRRP priority of vyatta02 to be lower than > >> vyatta01, they change over to vyatta01 being the master, and vyatta02 > >> as the backup. At this time from laptop01 I am able to ping > >> 192.168.10.1, > >> 192.168.10.2 and 192.168.10.3. In a tcpdump on laptop01 I see the VRRP > >> advertisements coming from 192.168.10.3 as expected. The arp table on > >> laptop01 now looks like this: > >> # arp -n > >> Address HWtype HWaddress Flags > >> Mask Iface > >> 192.168.10.3 ether 00:00:5E:00:01:0A > >> C eth0 > >> 192.168.10.1 ether 00:00:5E:00:01:0A > >> C eth0 > >> 192.168.10.2 ether 00:14:6C:70:50:6B > >> C eth0 > >> > >> All systems can ping eachothers 192.168.10.x IPs at this time. > >> > >> In summary, I don't understand why when vyatta02 is master in the VRRP > >> group both its IP 192.168.10.2 and the VIP 192.168.10.1 it is holding > >> become unresponsive to pings. Then when a "tcpdump -i eth1" is run on > >> vyatta02 both of the previously unresponsive IPs start responding to > >> pings, then when the tcpdump is killed, the ping responses stop again. > >> In a tcpdump from laptop01 while pinging 192.168.10.1 while vyatta02 > >> is master and a tcpdump is not running, I can see the arp request and > >> reply, then icmp echo requests being sent, but no responses. > >> > >> 15:24:38.645141 arp who-has 192.168.10.1 tell 192.168.10.11 > >> 15:24:38.645304 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0a > >> 15:24:38.645327 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > >> 43386, seq 1, length 64 > >> 15:24:39.644156 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > >> 43386, seq 2, length 64 > >> 15:24:40.644125 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > >> 43386, seq 3, length 64 > >> 15:24:41.644104 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > >> 43386, seq 4, length 64 > >> 15:24:42.644064 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > >> 43386, seq 5, length 64 > >> 15:24:43.644038 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > >> 43386, seq 6, length 64 > >> > >> Then if I start the "tcpdump -i eth1" on vyatta02 and start pinging > >> 192.168.10.1 from laptop01, it gets responses to the icmp echo > requests. > >> > >> 15:27:06.332838 arp who-has 192.168.10.1 tell 192.168.10.11 > >> 15:27:06.332983 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0a > >> 15:27:06.333001 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > >> 45946, seq 1, length 64 > >> 15:27:06.333181 IP 192.168.10.1 > 192.168.10.11: ICMP echo reply, id > >> 45946, seq 1, length 64 > >> 15:27:07.331867 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > >> 45946, seq 2, length 64 > >> 15:27:07.332146 IP 192.168.10.1 > 192.168.10.11: ICMP echo reply, id > >> 45946, seq 2, length 64 > >> > >> I have pasted the configurations of both vyatta01 and vyatta02 here: > >> http://pastebin.com/f3f7bae41 > >> > >> I would love to hear back any suggestions anyone has about what the > >> problem is and how I can get vyatt02 to respond normally to pings when > >> it is the master, just like how vyatta01 responds when it is the > master. > >> > >> Thanks for your time, > >> Daniel > >> > >> -- > >> Daniel Stickney - Linux Systems Administrator > >> > >> _______________________________________________ > >> Vyatta-users mailing list > >> Vyatta-users@mailman.vyatta.com > >> http://mailman.vyatta.com/mailman/listinfo/vyatta-users > >> > > > > _______________________________________________ > > Vyatta-users mailing list > > Vyatta-users@mailman.vyatta.com > > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > -- > > Daniel Stickney - Linux Systems Administrator > Email: [EMAIL PROTECTED] > Cell: 720.422.2732 Work: 303.497.9369 _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
