NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/48945: CARP preempt is not working
The following reply was made to PR kern/48945; it has been noted by GNATS.
From: HEO SeonMeyong <netbsd%seirios.org@localhost>
To: gnats-bugs%NetBSD.org@localhost, bouyer%antioche.eu.org@localhost
Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
netbsd-bugs%netbsd.org@localhost, netbsd%seirios.org@localhost
Subject: Re: kern/48945: CARP preempt is not working
Date: Wed, 25 Jun 2014 12:16:40 +0900 (JST)
Hi bouyer.
Thank you very much for your review.
bouyer> No, I think it's correct. Preemption does indeed work (I have a
similiar setup,
bouyer> but with ~30 interfaces) and the backup router does take the traffic
bouyer> if one of the master's interface goes down.
bouyer> rt-A's carp1 is still master because the CARP protocol says it should
bouyer> still be master (carp0 would remain master too if you disconnected the
bouyer> interface from the brdige in dom0 instead of taking it down). preemp
bouyer> only force backup->master transition but not the other way round
I understand. I thought that CARP watchs CARP state and Interface
state. but you sey CARP watches tied Interface state and not CARP
I/F state.
bouyer> (that would be dangerous, you could end up with all interfaces in
backup state
bouyer> on both routers).
Followings are maybe off topic, sorry.
I want to this works. I wrote rt-A/rt-B is a router, but in my real
environment, rt-A and rt-B is router with Firewall(pf) and
IDS(snort).
So if rt-A and rt-B is asynmetric, pf and snort works limited
because (for ex) Incomming traffic is pass through rt-A and outgoing
traffic is pass through rt-B.
I think(or hope) pfsync is avoidance of this limitation, but snort
has no avoidance method.
I thought it is very few situation that Physical I/F is up and carp
I/F is down. But Operator can down CARP I/F, so I want force
preemption method.
Anyway, thank you very much for your review, again.
HEO
Home |
Main Index |
Thread Index |
Old Index