> Can they be deleted while IP is configured? > >> No, it cannot. But since we don't control the management of the IP >> addresses, one could unplumb the VNIC while the VRRP router is enabled, >> and even delete the VNIC and then probably create a inrelevant link with >> the old VNIC name. That is what we want to avoid. Since the vrrpd would >> assume that the new link is the VNIC that we need track the IP addresses >> on and make the wrong assumption what would be the virtual IP addresses. >> > > The user could do all sorts of things that might make a mess of the > daemons that manage automatic interfaces. I don't think that means that > it's a good idea to try to prevent such administrative changes. > > Unless I'm missing something, this sounds like a very different practice > from what we've had in place for pretty much all the rest of networking, > and it seems to require elevated and otherwise unnecessary privileges in > order to accomplish. I'm not sure what to make of it, but it sounds > like too much work to me. > If the user deliberately thwarts the VRRP daemon by reconfiguring things > in ways documented not to work, what's the worst that happens? It > doesn't work properly until restarted, right? > I am not sure what kind of intentional misconfiguration is in your mind. I think it is possible in some cases, one has to delete and recreate the specific vrrp router in order to make the router work properly. In general, I'd like that either administrator is able to figure out the misconfiguration by looking at the "vrrpadm show-router output", or vrrpd can detect such mis-configuration and prompt a warning.
Thanks - Cathy
