On 11/20/07 6:45 AM, Fridiric Pli wrote:
> Hello,
>
> Is there a way to control which multicast MAC address an ethernet interface
> should handle ?
>
> I have a problem with a server running OpenBSD4.1-rel (A) with a pcn and carp
> interface.
> On the same Ethernet network, there is another server (B) and a
> hi-availability cluster of firewalls (commercial product) (F composed of F1
> and F2) reached via unicast IP address (IPADDR{F}) over multicast MAC
> address (MAC{F}).
>
> When B wants to communicate to a service behind F (IP route is known via
> IPADDR{FW} ) this happens :
> - B sends ARP request to ff:ff:ff:ff:ff:ff from MAC{B} "Who has IPADDR{FW}?
> tell IPADDR{B}"
> - B receives ARP response from MAC{F1} to MAC{B} "IPADDR{FW} is at MAC{F}"
> - B receives ARP response from MAC{F2} to MAC{B} "IPADDR{FW} is at MAC{F}"

possible cluster misconfiguration here. there should only be one virtual IP,
and it alone should respond to ARP requests, with one IP/MAC address

> - B sends an ethernet frame to F from MAC{B} IPADDR{B} to MAC{F} IPADDR{F}
> - A receives this ethernet frame

why? B and F have unicast MAC and IP addresses so far, yes? So, unless A and B
are on a hub or wireless LAN, only B and F should see them.

> - A sends a new frame from MAC{A} IPADDR{B} to MAC{?} (this MAC is a
> multicast mac that is not used by any of my openbsd servers)

huh? why would A use B's address as its source IP?

CARP uses multicast but it sounds like there may be at least a couple of other
problems here. I would fix them first before proceeding.

dn

>
> This means the one initial frame is duplicated and by cascade, a huge number of
> ethernet frames are transmitted.
>
> This behaviour makes the performance of the firewall decrease.
>
>
> Ethernet frames sent by another server (SERVER2) to a multicast mac address
> that is handled by a cluster of firewalls (commercial product) are received
> and resent to another multicast mac address.
>
>
> Thanks for help,
>
> Fred