> On 8/05/2014, at 11:09 pm, Henning Brauer <[email protected]> wrote:
>
> * Nick Hilliard <[email protected]> [2014-05-08 13:03]:
>>> On 08/05/2014 11:25, Henning Brauer wrote:
>>> you shouldn't see issues but log spam.
>> maybe you misunderstand the problem. If you have vrrp and carp on the same
>> vlan, using the same vrrp group ID as VHID, then each virtual IP will arp
>> for the same mac address on that vlan.
>
> correct.
>
>> This messes up the switch's forwarding table for that particular vlan
>> because it sees multiple entries from different ports for the same mac
>> address.
>
> correct.
>
> my switches seem to deal with that, whether they have special handling
> for that mac addr range or not i dunno.

What make and model switches? I am sure someone here can easily verify their behaviour and if they have some baked in pixie dust to handle this. But a pure L2 switch should not be able to mask the issue given all it has to go on is MAC so you would either see excessive flooding of a unicast MAC, or black holing of VRRP or CARP. Neither of which are desirable and given that the flooding would lead to serious security issues worries me from such a security focused community as the OpenBSD community professes to be.

> again, stress the fact that afair we have gotten zero reports about
> that "issue" for 10 years, it obviously means that either
> 1) a vast majority of switches deal with it just fine
> 2) people know that vhids shouldn't clash and avoid that
>
> --
> Henning Brauer, [email protected], [email protected]
> BS Web Services GmbH, AG Hamburg HRB 128289, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, VMs/PVS, Application Hosting
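The forwarding-table symptom discussed in this thread can be checked for from a list of (port, source MAC) observations. The following is an added example, not part of any poster's message: it replays frames through a learning-switch MAC table and reports virtual-router MACs that keep moving between ports. The port numbers, sample frames, function names and the `min_moves` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# IPv4 VRRP virtual-router MAC prefix; the last octet is the group ID.
# CARP builds its virtual MAC the same way from the VHID.
VIRTUAL_PREFIX = "00:00:5e:00:01:"

# Constructed sample: (switch port, source MAC) in arrival order on one VLAN.
# Port 1 = CARP node with VHID 10, port 7 = VRRP router with group ID 10,
# port 3 = ordinary host, port 5 = VRRP router with group ID 20 (no clash).
SAMPLE_FRAMES = [
    (1, "00:00:5e:00:01:0a"),
    (3, "52:54:00:12:34:56"),
    (7, "00:00:5e:00:01:0a"),
    (5, "00:00:5e:00:01:14"),
    (1, "00:00:5e:00:01:0a"),
    (7, "00:00:5e:00:01:0a"),
    (5, "00:00:5e:00:01:14"),
]

def learn(frames):
    """Replay frames through a learning-switch MAC table; count port moves."""
    table = {}                      # MAC -> port it was last learned on
    moves = defaultdict(int)        # MAC -> times the entry changed port
    ports = defaultdict(set)        # MAC -> every port it was seen on
    for port, mac in frames:
        mac = mac.lower()
        if mac in table and table[mac] != port:
            moves[mac] += 1
        table[mac] = port
        ports[mac].add(port)
    return table, moves, ports

def find_group_id_clashes(frames, min_moves=2):
    """Return {group_id: {"ports": [...], "moves": n}} for flapping virtual MACs."""
    _, moves, ports = learn(frames)
    clashes = {}
    for mac, count in moves.items():
        if mac.startswith(VIRTUAL_PREFIX) and count >= min_moves:
            group_id = int(mac.rsplit(":", 1)[1], 16)
            clashes[group_id] = {"ports": sorted(ports[mac]), "moves": count}
    return clashes

if __name__ == "__main__":
    for gid, info in find_group_id_clashes(SAMPLE_FRAMES).items():
        print(f"group ID / VHID {gid}: MAC flapping between ports "
              f"{info['ports']} ({info['moves']} moves)")
```

In the constructed sample, the table entry for the shared MAC ends up pointing at whichever port spoke last, so unicast traffic for the other virtual IP is forwarded to the wrong device until the next advertisement moves the entry back.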

