On 07/04/15(Tue) 15:42, David Newman wrote:
> On 3/30/15 12:54 PM, Martin Pieuchot wrote:
> > [...]
> Not OK for the carp interfaces. On the production machines I'm
> replicating here as VMs, it looks like the carp interfaces are bound to
> themselves -- note that the last column is "carp21":
>
> # netstat -nr -f inet | grep 12.20.174.98
> 12.20.174.98 12.20.174.98 UH 0 14853 - 4
> carp21
Which version of OpenBSD are you running here?
> But on the similarly configured VM, the carp interface (carp221 in this
> example) is bound to the lo0 interface:
>
> # netstat -nr -f inet | grep 12.220.174.98
> 12.220.174.98 00:00:5e:00:01:dd UHLl 0 0 - 1 lo0
This is the behavior since 5.6.
> > Now if you configure an IP address of the same subnet on the parent
> > interface, vic1 in your case, this interface will hold the cloning
> > route ('C' in your output) and will be used to reach any other address
> > of the subnet. If you don't to that, then the carp interfaces should
> > hold the cloning route and their address will be used.
>
> In both cases above, the parent and carp interfaces are configured with
> IP addresses on the same subnet.
>
> In the case of the physical (production) machines, other machines on
> that subnet can ping the carp interface (the virtual IP address shared
> by two machines with carp interfaces).
>
> In the case of the VMs, a machine on that subnet cannot ping the carp
> interface. I think this is because it's bound to lo0, but I don't know why.
Can you tcpdump your traffic on the CARP node and see what happen to the
icmps packets? Do you see requests on the physical interface? On the
carp one? Do you see reply?
> Here again are the hostname files for the physical and carp interfaces
> on the VM.
>
> # cat hostname.vic1
> inet 12.220.174.99 255.255.255.224 12.220.174.127 up
>
> # backslash added for clarity -- it's 1 line in original
> # cat hostname.carp221
> inet 12.220.174.98 255.255.255.224 12.220.174.127 vhid 221 \
> carpdev vic1 advskew 1 pass ******
>
>
> > Does that answer your question?
>
> In terms of how CARP works, yes. In terms of why it's bound to lo0 here,
> no, sorry, I'm missing something here.
Routes to local address are bounds to lo0 because on this particular
machine you don't need to send the packet to the wire when you want
to reach your own address. Loopback interfaces are just that, a pipe
that connect the output of your stack to the input.
But it should not matter in your case.
