Re: Using /32 resp. /128 netmask for carp ips
On 2018-11-24, Henry Bonath wrote: > To add to this, just as when using other first-hop redundancy protocols > like VRRP or HSRP on a Router or Layer-3 switch, > we only want the single IP address to float between the redundant hosts, > and not the entire subnet. > So we define the most specific subnet mask for IPv4, which is > 255.255.255.255 or /32 or if using IPv6, /128. On the other hand, when announcing the CARP-protected networks using OSPF, you *do* want the whole subnet announced. So the best approach depends how you're using it.
Re: Using /32 resp. /128 netmask for carp ips
To add to this, just as when using other first-hop redundancy protocols like VRRP or HSRP on a Router or Layer-3 switch, we only want the single IP address to float between the redundant hosts, and not the entire subnet. So we define the most specific subnet mask for IPv4, which is 255.255.255.255 or /32 or if using IPv6, /128. On Fri, Nov 23, 2018 at 1:16 PM Janne Johansson wrote: > Den fre 23 nov. 2018 kl 18:50 skrev Joerg Streckfuss < > streckf...@dfn-cert.de>: > > > > Dear list, > > > > i want to know why it is good practice to use /32 netmask for ipv4 > > respectively /128 netmask for ipv6 addresses on carp interfaces, while > using the > > "real" netmask for example /24 for a dedicated address on an interface. > > So that the real interface gets used for outgoing traffic generated on > the boxes, like ntp, > syslog, mails and so forth, even if the carp currently is not up (ie not > master) > > -- > May the most significant bit of your life be positive. > >
Re: Using /32 resp. /128 netmask for carp ips
Den fre 23 nov. 2018 kl 18:50 skrev Joerg Streckfuss : > > Dear list, > > i want to know why it is good practice to use /32 netmask for ipv4 > respectively /128 netmask for ipv6 addresses on carp interfaces, while using > the > "real" netmask for example /24 for a dedicated address on an interface. So that the real interface gets used for outgoing traffic generated on the boxes, like ntp, syslog, mails and so forth, even if the carp currently is not up (ie not master) -- May the most significant bit of your life be positive.
Using /32 resp. /128 netmask for carp ips
Dear list, i want to know why it is good practice to use /32 netmask for ipv4 respectively /128 netmask for ipv6 addresses on carp interfaces, while using the "real" netmask for example /24 for a dedicated address on an interface. Any advice ? Thanks, Joerg