Re: CARP access outside a subnet

2007-09-10 Thread david l goodrich
Sorry about dredging this up again.  A move got in the way and ...
well, anyway.  The upshot is, the hostnames have changed, and the
subnet has changed, but the configuration and problem are effectively
identical.

The pings from the outside don't error out, they just never return.

the outside machine:
[EMAIL PROTECTED]:~$ ping 65.103.82.90
PING 65.103.82.90 (65.103.82.90): 56 data bytes
^C
--- 65.103.82.90 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
[EMAIL PROTECTED]:~$

tcpdump on the carp master:
carp-md# tcpdump -e -n -i xennet1 host miskatonic.uberh4x0r.org
tcpdump: WARNING: xennet1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on xennet1, link-type EN10MB (Ethernet), capture size 96 bytes
19:14:17.758467 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4
(0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo
request seq 0
19:14:18.754646 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4
(0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo
request seq 1
19:14:19.760833 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4
(0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo
request seq 2
19:14:20.757493 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4
(0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo
request seq 3


but it turns out i can't get to the internet from the master, either.

carp-md# route -n get default
   route to: default
destination: default
   mask: default
gateway: 65.103.82.94
 local addr: 65.103.82.90
  interface: carp65
  flags: UP,GATEWAY,DONE,STATIC
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0         0         0
carp-md# ping 65.103.82.94
PING modem-meus.dsrw.org (65.103.82.94): 56 data bytes
64 bytes from 65.103.82.94: icmp_seq=0 ttl=64 time=2.473 ms
64 bytes from 65.103.82.94: icmp_seq=1 ttl=64 time=0.868 ms
64 bytes from 65.103.82.94: icmp_seq=2 ttl=64 time=0.846 ms
^C
modem-meus.dsrw.org PING Statistics
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.846/1.396/2.473/0.933 ms
carp-md# ping -c1 miskatonic.uberh4x0r.org
PING miskatonic.uberh4x0r.org (70.90.241.185): 56 data bytes
ping: sendto: No route to host
^C
miskatonic.uberh4x0r.org PING Statistics
1 packets transmitted, 0 packets received, 100.0% packet loss
carp-md#


.94 is the DSL modem, which is the default route for my real router.
 This machine can, of course, get to the internet.


router-meus# route -n get default
   route to: default
destination: default
   mask: default
gateway: 65.103.82.94
 local addr: 65.103.82.81
  interface: xennet1
  flags: UP,GATEWAY,DONE,STATIC
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0         0         0
router-meus# ping -c1 65.103.82.94
PING modem-meus.dsrw.org (65.103.82.94): 56 data bytes
64 bytes from 65.103.82.94: icmp_seq=0 ttl=64 time=0.889 ms

modem-meus.dsrw.org PING Statistics
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.889/0.889/0.889/0.000 ms
router-meus# ping -c1 miskatonic.uberh4x0r.org
PING miskatonic.uberh4x0r.org (70.90.241.185): 56 data bytes
64 bytes from 70.90.241.185: icmp_seq=0 ttl=51 time=92.139 ms

miskatonic.uberh4x0r.org PING Statistics
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 92.139/92.139/92.139/0.000 ms
router-meus#







On 16 Apr 2007, Markus Wernig wrote:
 Hi

 I'm not sure about carp supporting addresses in other subnets than the
 physical one. But to debug this further:
 - what does tcpdump -e -n -i xennet1 show on the routers when you ping
 the virtual interface from outside the lan?
 - is the route for the egress path the same as for the ingress path
 (i.e. does the route back to the accessing device point out over the
 same interface (xennet1) that the packets come in on)?
 - maybe your next hop router does not receive the virtual mac address.
 check the arp table on the next hop router.
 - what is the error message when pinging from the outside and who
 generates it?

 krgds /markus

 david l goodrich wrote:
  I'm sorry to bring this up again, since it didn't get any responses the
  first time.
 
  But I haven't had any luck on my own, and was hoping someone might have an
  idea.
 
 
  On 4/9/07, david l goodrich dlgoodrich wrote:
  I have two hosts in a CARP group.
 
  on router-meus-cd1, i have the following network configuration:
 
  router-meus-cd1# ifconfig xennet1
  xennet1:
  flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
  1500
  capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
  enabled=0
  address: 00:16:3e:71:ef:6f
  inet 10.10.10.2 netmask 0xff00 broadcast 
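
Added example, not part of any message in this thread: a small Python check that applies Markus's first three debugging questions to a `tcpdump -e -n` capture like the one above. It decodes the vhid from the CARP virtual MAC (`00:00:5e:00:01:<vhid>`) and pairs echo requests with replies; the function names and the unwrapped sample lines are constructed for illustration.

```python
import re

# Constructed sample: the four echo requests from the capture above, one per
# line as tcpdump -e -n prints them (the mail client wrapped the originals).
CAPTURE = """\
19:14:17.758467 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 0
19:14:18.754646 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 1
19:14:19.760833 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 2
19:14:20.757493 00:16:3e:56:2d:c7 > 00:00:5e:00:01:41, ethertype IPv4 (0x0800), length 98: IP 70.90.241.185 > 65.103.82.90: icmp 64: echo request seq 3
"""

LINE = re.compile(
    r"(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 "
    r"\(0x0800\), length \d+: IP (?P<sip>[\d.]+) > (?P<dip>[\d.]+): "
    r"icmp \d+: echo (?P<kind>request|reply) seq (?P<seq>\d+)"
)

def carp_vhid(mac):
    """Return the vhid encoded in a CARP virtual MAC, or None for any other MAC."""
    m = re.fullmatch(r"00:00:5e:00:01:([0-9a-f]{2})", mac.lower())
    return int(m.group(1), 16) if m else None

def diagnose(capture, vip):
    """Pair echo requests sent to the virtual IP with replies leaving from it."""
    requests, replies, vhids = {}, set(), set()
    for line in capture.strip().splitlines():
        m = LINE.search(line)
        if not m:
            continue
        seq = int(m["seq"])
        if m["kind"] == "request" and m["dip"] == vip:
            requests[seq] = m["sip"]
            vhids.add(carp_vhid(m["dmac"]))   # None if not sent to a CARP MAC
        elif m["kind"] == "reply" and m["sip"] == vip:
            replies.add((m["dip"], seq))
    unanswered = sorted(s for s, peer in requests.items() if (peer, s) not in replies)
    if not requests:
        verdict = "no requests seen: check the next hop's ARP entry for the virtual MAC"
    elif unanswered:
        verdict = "requests arrive, replies missing: check the return route on this host"
    else:
        verdict = "request/reply pairs complete on this interface"
    return {"vhids": vhids, "unanswered": unanswered, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(CAPTURE, "65.103.82.90"))
```

For this capture the requests reach the virtual MAC for vhid 65 and none is answered, which points at the egress side rather than at the upstream ARP table.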

Re: CARP access outside a subnet

2007-04-16 Thread Markus Wernig
Hi

I'm not sure about carp supporting addresses in other subnets than the
physical one. But to debug this further:
- what does tcpdump -e -n -i xennet1 show on the routers when you ping
the virtual interface from outside the lan?
- is the route for the egress path the same as for the ingress path
(i.e. does the route back to the accessing device point out over the
same interface (xennet1) that the packets come in on)?
- maybe your next hop router does not receive the virtual mac address.
check the arp table on the next hop router.
- what is the error message when pinging from the outside and who
generates it?

krgds /markus

david l goodrich wrote:
 I'm sorry to bring this up again, since it didn't get any responses the
 first time.
 
 But I haven't had any luck on my own, and was hoping someone might have an
 idea.
 
 
 On 4/9/07, david l goodrich [EMAIL PROTECTED] wrote:
 I have two hosts in a CARP group.

 on router-meus-cd1, i have the following network configuration:

 router-meus-cd1# ifconfig xennet1
 xennet1:
 flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
 1500
 capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
 enabled=0
 address: 00:16:3e:71:ef:6f
 inet 10.10.10.2 netmask 0xff00 broadcast 10.10.10.255
 inet6 fe80::216:3eff:fe71:ef6f%xennet1 prefixlen 64 scopeid 0x4
 router-meus-cd1# ifconfig carp216
 carp216: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 carp: MASTER carpdev xennet1 vhid 216 advbase 1 advskew 0
 address: 00:00:5e:00:01:d8
 inet 216.51.247.30 netmask 0xfff8 broadcast 216.51.247.31
 router-meus-cd1#

 on router-meus-cn1, i have a similar configuration:

 router-meus-cn1# ifconfig xennet1
 xennet1:
 flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
 1500
 capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
 enabled=0
 address: 00:16:3e:04:d3:e0
 inet 10.10.10.1 netmask 0xff00 broadcast 10.10.10.255
 inet6 fe80::216:3eff:fe04:d3e0%xennet1 prefixlen 64 scopeid 0x4
 router-meus-cn1# ifconfig carp216
 carp216: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 carp: BACKUP carpdev xennet1 vhid 216 advbase 1 advskew 
 0216.51.247.30

 address: 00:00:5e:00:01:d8
 inet 216.51.247.30 netmask 0xfff8 broadcast 216.51.247.31
 router-meus-cn1#


 The default route, nameservers, etc are all set correctly.

 CARP works great on the 216.51.247.24/29 subnet, from any machine on that
 subnet I can ping 216.51.247.30.

 When I get outside the subnet, I can't ping the address or ssh to it.

 Does anyone have some insight into why this is happening?

 Thanks
   --david



Re: CARP access outside a subnet

2007-04-15 Thread david l goodrich
I'm sorry to bring this up again, since it didn't get any responses the
first time.

But I haven't had any luck on my own, and was hoping someone might have an
idea.


On 4/9/07, david l goodrich [EMAIL PROTECTED] wrote:

 I have two hosts in a CARP group.

 on router-meus-cd1, i have the following network configuration:

 router-meus-cd1# ifconfig xennet1
 xennet1:
 flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
 1500
 capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
 enabled=0
 address: 00:16:3e:71:ef:6f
 inet 10.10.10.2 netmask 0xff00 broadcast 10.10.10.255
 inet6 fe80::216:3eff:fe71:ef6f%xennet1 prefixlen 64 scopeid 0x4
 router-meus-cd1# ifconfig carp216
 carp216: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 carp: MASTER carpdev xennet1 vhid 216 advbase 1 advskew 0
 address: 00:00:5e:00:01:d8
 inet 216.51.247.30 netmask 0xfff8 broadcast 216.51.247.31
 router-meus-cd1#

 on router-meus-cn1, i have a similar configuration:

 router-meus-cn1# ifconfig xennet1
 xennet1:
 flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
 1500
 capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
 enabled=0
 address: 00:16:3e:04:d3:e0
 inet 10.10.10.1 netmask 0xff00 broadcast 10.10.10.255
 inet6 fe80::216:3eff:fe04:d3e0%xennet1 prefixlen 64 scopeid 0x4
 router-meus-cn1# ifconfig carp216
 carp216: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 carp: BACKUP carpdev xennet1 vhid 216 advbase 1 advskew 0216.51.247.30

 address: 00:00:5e:00:01:d8
 inet 216.51.247.30 netmask 0xfff8 broadcast 216.51.247.31
 router-meus-cn1#


 The default route, nameservers, etc are all set correctly.

 CARP works great on the 216.51.247.24/29 subnet, from any machine on that
 subnet I can ping 216.51.247.30.

 When I get outside the subnet, I can't ping the address or ssh to it.

 Does anyone have some insight into why this is happening?

 Thanks
   --david



CARP access outside a subnet

2007-04-09 Thread david l goodrich
I have two hosts in a CARP group.

on router-meus-cd1, i have the following network configuration:

router-meus-cd1# ifconfig xennet1
xennet1:
flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
address: 00:16:3e:71:ef:6f
inet 10.10.10.2 netmask 0xff00 broadcast 10.10.10.255
inet6 fe80::216:3eff:fe71:ef6f%xennet1 prefixlen 64 scopeid 0x4
router-meus-cd1# ifconfig carp216
carp216: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: MASTER carpdev xennet1 vhid 216 advbase 1 advskew 0
address: 00:00:5e:00:01:d8
inet 216.51.247.30 netmask 0xfff8 broadcast 216.51.247.31
router-meus-cd1#

on router-meus-cn1, i have a similar configuration:

router-meus-cn1# ifconfig xennet1
xennet1:
flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
address: 00:16:3e:04:d3:e0
inet 10.10.10.1 netmask 0xff00 broadcast 10.10.10.255
inet6 fe80::216:3eff:fe04:d3e0%xennet1 prefixlen 64 scopeid 0x4
router-meus-cn1# ifconfig carp216
carp216: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
carp: BACKUP carpdev xennet1 vhid 216 advbase 1 advskew
0216.51.247.30
address: 00:00:5e:00:01:d8
inet 216.51.247.30 netmask 0xfff8 broadcast 216.51.247.31
router-meus-cn1#


The default route, nameservers, etc are all set correctly.

CARP works great on the 216.51.247.24/29 subnet, from any machine on that
subnet I can ping 216.51.247.30.

When I get outside the subnet, I can't ping the address or ssh to it.

Does anyone have some insight into why this is happening?

Thanks
  --david