Re: gre over carp
Yes, exactly. The fail-back never worked. All SAs would disappearĀ and subsequent failover to slave dropped SAs there too. There was a story behind this from the developer somewhere in the mail archives. A while back. On Wednesday, December 13, 2023 at 05:55:50 p.m. GMT+9, Janne Johansson wrote: Den ons 13 dec. 2023 kl 04:15 skrev All : > > >I'd like to add sasyncd in the mix and a 2nd router for higher > availability. > Don't do it. sasyncd is known not to work properly in failover scenarios. > When I ran it it did work fine for the first fail-over, but seldom (or perhaps never?) on fail-back when the master returned, so it was ok for giving me nice redundancy if the current carp master died, then I could choose a suitable time after fixing this node when to take a the hit of a new tunnel-setup as I flipped back. Never knew why it would only work one-way for me, but we had certain issues with broadcom bnx(4) cards and multicast at the time, so it could have been related to that. > >Will gre over carp work? > I think you can just try out in a vm. Don't see the reason why it would > not. > But perhaps there are some features that CARP interface doesn't support > for gre. > Do mind that carp on software-defined switch networks might need some settings in order to allow the virtual eth cards to send out frames with "bogus" mac-addresses, since some hypervisors keep good track of which macs they have given to a VM and drop ethernet frames sent with not-those mac-addresses as source. But to add to the original reply, I would probably go for two gre's towards the non-carp ips, since you are using ospf anyhow, you might just tell ospfd that one gre has a slightly higher cost than the other, and let it deal with the new network map when one of them fails. -- May the most significant bit of your life be positive.
Re: gre over carp
Den ons 13 dec. 2023 kl 04:15 skrev All : > > >I'd like to add sasyncd in the mix and a 2nd router for higher > availability. > Don't do it. sasyncd is known not to work properly in failover scenarios. > When I ran it it did work fine for the first fail-over, but seldom (or perhaps never?) on fail-back when the master returned, so it was ok for giving me nice redundancy if the current carp master died, then I could choose a suitable time after fixing this node when to take a the hit of a new tunnel-setup as I flipped back. Never knew why it would only work one-way for me, but we had certain issues with broadcom bnx(4) cards and multicast at the time, so it could have been related to that. > >Will gre over carp work? > I think you can just try out in a vm. Don't see the reason why it would > not. > But perhaps there are some features that CARP interface doesn't support > for gre. > Do mind that carp on software-defined switch networks might need some settings in order to allow the virtual eth cards to send out frames with "bogus" mac-addresses, since some hypervisors keep good track of which macs they have given to a VM and drop ethernet frames sent with not-those mac-addresses as source. But to add to the original reply, I would probably go for two gre's towards the non-carp ips, since you are using ospf anyhow, you might just tell ospfd that one gre has a slightly higher cost than the other, and let it deal with the new network map when one of them fails. -- May the most significant bit of your life be positive.
Re: gre over carp
>I'd like to add sasyncd in the mix and a 2nd router for higher availability. Don't do it. sasyncd is known not to work properly in failover scenarios. >Will gre over carp work? I think you can just try out in a vm. Don't see the reason why it would not. But perhaps there are some features that CARP interface doesn't support for gre. On Tuesday, December 12, 2023 at 09:01:53 p.m. GMT+9, Kapetanakis Giannis wrote: I was wondering if anyone runs gre tunnels over carp. We have an OpenBSD router that does ipsec over gre tunnels with remote location routers in order to pass voip traffic. Routing is done with ospf on top of gre. I'd like to add sasyncd in the mix and a 2nd router for higher availability. Will gre over carp work? I'd prefer to use the carped IP in the tunnel and not the real IP of each server, so eventually 1 tunnel (active) per remote router. How will this work when I demote master and go via backup? Thanks, G
gre over carp
I was wondering if anyone runs gre tunnels over carp. We have an OpenBSD router that does ipsec over gre tunnels with remote location routers in order to pass voip traffic. Routing is done with ospf on top of gre. I'd like to add sasyncd in the mix and a 2nd router for higher availability. Will gre over carp work? I'd prefer to use the carped IP in the tunnel and not the real IP of each server, so eventually 1 tunnel (active) per remote router. How will this work when I demote master and go via backup? Thanks, G
