Re: [Vyatta-users] VRRP Confusion
Ahhh, very interesting. That makes *perfect* sense for this issue. Since I happened to have a spare NIC, so I swapped out the previous card and put in a different one, and now VRRP works perfectly and everything can ping everything all the time, no matter whether vyatta01 or vyatta02 is master. Thank you all so much for your inputs! I would have never have guessed that my previous card's MAC address was unchangeable. In the output of "ifconfig" I could see the MAC address changing for eth1 when it switched between master and backup, so that possibility never occurred to me. Thanks again all! Daniel Justin Fletcher wrote: > Ah, yes - you can't actually change the MAC on some hardware, so you end > up in this confused state and only see packets destined for the interface in > promiscuous mode (hence the suggestion to disable the virtual MAC . . .) > > Justin > > On Dec 13, 2007 12:29 PM, Allan Leinwand <[EMAIL PROTECTED]> wrote: > >> A thought here that may help cut through some of the confusion. I think >> that when you run tcpdump on the interface it places that interface into >> promiscuous mode. When in this mode, it can respond to pings to both the >> real IP address on the Ethernet and the virtual IP address (all packets are >> being received by the interface so when it sees one for it's own IP >> addresses, it responds). However, when the interface is running VRRP and in >> non-promiscuous mode I am unsure if the real IP and the virtual IP both >> respond to pings. >> >> Final caveat: I have not tried any of this recently, so with my advice YMMV. >> >> Thanks, >> >> allan >> >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Stig >> Thormodsrud >> Sent: Thursday, December 13, 2007 12:23 PM >> To: 'Daniel Stickney'; vyatta-users@mailman.vyatta.com; 'Daniel Stickney'; >> vyatta-users@mailman.vyatta.com >> >> Subject: Re: [Vyatta-users] VRRP Confusion >> >> I wonder if this might be solved with the disable-vmac setting? >> >> stig >> >> >>> -Original Message- >>> From: [EMAIL PROTECTED] [mailto:vyatta-users- >>> [EMAIL PROTECTED] On Behalf Of Daniel Stickney >>> Sent: Wednesday, December 12, 2007 2:47 PM >>> To: vyatta-users@mailman.vyatta.com >>> Subject: [Vyatta-users] VRRP Confusion >>> >>> Hello everyone, >>> >>> I used google to search the mail list archive, but didn't get any >>> results for my issue. This is my second day working on the problem and >>> my colleagues don't have any suggestions. This post is a little long, >>> but I hope thorough enough to give all relevant information. >>> Here is my setup: >>> vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3 >>> vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2 >>> laptop01 - eth0:192.168.10.11 >>> >>> Laptop01 is connected to a switch, which also has cables from eth1 on >>> both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and >>> vyatta02 are connected into the main 192.168.2.0/24 network which has >>> internet connectivity. With a base configuration of a default route to >>> 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned >>> to their respective network cards, I can ping 192.168.10.2 and >>> 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01, >>> and I can ping 192.168.10.3 from vyatta02. Basically, everything can >>> ping everything. >>> >>> I then proceed to setup VRRP between vyatta01 and vyatta02 with the >>> following config: >>> --Vyatta02-- >>> set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces >>> ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces >>> ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp >>> priority 150 commit >>> --Vyatta01-- >>> set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces >>> ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces >>> ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp >>> priority 20 commit >>> >>> So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as >>> expected, I see in the output of "show vrrp" that vyatta02 considers >>> itself the master, and vyatta01 sees itself as the backup. In a >>> tcpdump from laptop01 I can see the VRRPv2 advertisements from >>> vyatta02 every second. At this time from l
Re: [Vyatta-users] VRRP Confusion
Hi Daniel, I don't think the disable-vmac option was in vc3, but you can look at the change here: http://suva/git/?p=xorp.git;a=commit;h=0b3e4418e0ae961d902cc40209035f1b5ea a7adf Basically you can edit vrrpd.init and add a "-n" parameter to vrrpd to enable non-rfc compliance mode (i.e. no vmac). stig > Thank you both Stig and Allan for your input. How might I disable the > vmac setting? I found a file called /opt/vyatta/sbin/vrrpd.init, but no > mention of the string vmac in all of /opt. An interesting point is that > the failure to respond to pings except when tcpdump is running only > occurs on vyatta02. When vyatta01 is master, it responds to pings on > 192.168.10.1(VIP) and 192.168.10.3(eth1). When vyatta02 is master, > neither the VIP it holds nor 192.168.10.2(eth1) respond to pings. > > I tried two other tests without success. I swapped out the switch they > are all plugged into for the 192.168.10.0 network, and I also swapped > the 10.2 IP to vyatta01 and the 10.3 IP to vyatta02, but that also made > no difference. I have placed them back to their configuration as > documented in my original email. > > Thanks for your time, > -Daniel > > Allan Leinwand wrote: > > A thought here that may help cut through some of the confusion. I think > > that when you run tcpdump on the interface it places that interface into > > promiscuous mode. When in this mode, it can respond to pings to both the > > real IP address on the Ethernet and the virtual IP address (all packets > are > > being received by the interface so when it sees one for it's own IP > > addresses, it responds). However, when the interface is running VRRP and > in > > non-promiscuous mode I am unsure if the real IP and the virtual IP both > > respond to pings. > > > > Final caveat: I have not tried any of this recently, so with my advice > YMMV. > > > > Thanks, > > > > allan > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Stig > > Thormodsrud > > Sent: Thursday, December 13, 2007 12:23 PM > > To: 'Daniel Stickney'; vyatta-users@mailman.vyatta.com; 'Daniel > Stickney'; > > vyatta-users@mailman.vyatta.com > > Subject: Re: [Vyatta-users] VRRP Confusion > > > > I wonder if this might be solved with the disable-vmac setting? > > > > stig > > > > > >> -Original Message- > >> From: [EMAIL PROTECTED] [mailto:vyatta-users- > >> [EMAIL PROTECTED] On Behalf Of Daniel Stickney > >> Sent: Wednesday, December 12, 2007 2:47 PM > >> To: vyatta-users@mailman.vyatta.com > >> Subject: [Vyatta-users] VRRP Confusion > >> > >> Hello everyone, > >> > >> I used google to search the mail list archive, but didn't get any > >> results for my issue. This is my second day working on the problem and > >> my colleagues don't have any suggestions. This post is a little long, > >> but I hope thorough enough to give all relevant information. > >> Here is my setup: > >> vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3 > >> vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2 > >> laptop01 - eth0:192.168.10.11 > >> > >> Laptop01 is connected to a switch, which also has cables from eth1 on > >> both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and > >> vyatta02 are connected into the main 192.168.2.0/24 network which has > >> internet connectivity. With a base configuration of a default route to > >> 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned > >> to their respective network cards, I can ping 192.168.10.2 and > >> 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01, > >> and I can ping 192.168.10.3 from vyatta02. Basically, everything can > >> ping everything. > >> > >> I then proceed to setup VRRP between vyatta01 and vyatta02 with the > >> following config: > >> --Vyatta02-- > >> set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces > >> ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces > >> ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp > >> priority 150 commit > >> --Vyatta01-- > >> set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces > >> ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces > >> ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp > >> priority 20 commit > >> > >> So vyatta02 is the master, VIP is 192.168
Re: [Vyatta-users] VRRP Confusion
Thank you both Stig and Allan for your input. How might I disable the vmac setting? I found a file called /opt/vyatta/sbin/vrrpd.init, but no mention of the string vmac in all of /opt. An interesting point is that the failure to respond to pings except when tcpdump is running only occurs on vyatta02. When vyatta01 is master, it responds to pings on 192.168.10.1(VIP) and 192.168.10.3(eth1). When vyatta02 is master, neither the VIP it holds nor 192.168.10.2(eth1) respond to pings. I tried two other tests without success. I swapped out the switch they are all plugged into for the 192.168.10.0 network, and I also swapped the 10.2 IP to vyatta01 and the 10.3 IP to vyatta02, but that also made no difference. I have placed them back to their configuration as documented in my original email. Thanks for your time, -Daniel Allan Leinwand wrote: > A thought here that may help cut through some of the confusion. I think > that when you run tcpdump on the interface it places that interface into > promiscuous mode. When in this mode, it can respond to pings to both the > real IP address on the Ethernet and the virtual IP address (all packets are > being received by the interface so when it sees one for it's own IP > addresses, it responds). However, when the interface is running VRRP and in > non-promiscuous mode I am unsure if the real IP and the virtual IP both > respond to pings. > > Final caveat: I have not tried any of this recently, so with my advice YMMV. > > Thanks, > > allan > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Stig > Thormodsrud > Sent: Thursday, December 13, 2007 12:23 PM > To: 'Daniel Stickney'; vyatta-users@mailman.vyatta.com; 'Daniel Stickney'; > vyatta-users@mailman.vyatta.com > Subject: Re: [Vyatta-users] VRRP Confusion > > I wonder if this might be solved with the disable-vmac setting? > > stig > > >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:vyatta-users- >> [EMAIL PROTECTED] On Behalf Of Daniel Stickney >> Sent: Wednesday, December 12, 2007 2:47 PM >> To: vyatta-users@mailman.vyatta.com >> Subject: [Vyatta-users] VRRP Confusion >> >> Hello everyone, >> >> I used google to search the mail list archive, but didn't get any >> results for my issue. This is my second day working on the problem and >> my colleagues don't have any suggestions. This post is a little long, >> but I hope thorough enough to give all relevant information. >> Here is my setup: >> vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3 >> vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2 >> laptop01 - eth0:192.168.10.11 >> >> Laptop01 is connected to a switch, which also has cables from eth1 on >> both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and >> vyatta02 are connected into the main 192.168.2.0/24 network which has >> internet connectivity. With a base configuration of a default route to >> 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned >> to their respective network cards, I can ping 192.168.10.2 and >> 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01, >> and I can ping 192.168.10.3 from vyatta02. Basically, everything can >> ping everything. >> >> I then proceed to setup VRRP between vyatta01 and vyatta02 with the >> following config: >> --Vyatta02-- >> set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces >> ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces >> ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp >> priority 150 commit >> --Vyatta01-- >> set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces >> ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces >> ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp >> priority 20 commit >> >> So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as >> expected, I see in the output of "show vrrp" that vyatta02 considers >> itself the master, and vyatta01 sees itself as the backup. In a >> tcpdump from laptop01 I can see the VRRPv2 advertisements from >> vyatta02 every second. At this time from laptop01 I am unable to ping >> 192.168.10.1 or 192.168.10.2, but I can ping 192.168.10.3. The arp >> table on laptop01 shows the following: >> # arp -n >> Address HWtype HWaddress Flags >> MaskIface >> 192.168.10.3 ether 00:1A:A0:2A:04:0A >> C eth0 >> 192.168.10.1 ether 00:00:5E:00:01:0A >> C
Re: [Vyatta-users] VRRP Confusion
Ah, yes - you can't actually change the MAC on some hardware, so you end up in this confused state and only see packets destined for the interface in promiscuous mode (hence the suggestion to disable the virtual MAC . . .) Justin On Dec 13, 2007 12:29 PM, Allan Leinwand <[EMAIL PROTECTED]> wrote: > A thought here that may help cut through some of the confusion. I think > that when you run tcpdump on the interface it places that interface into > promiscuous mode. When in this mode, it can respond to pings to both the > real IP address on the Ethernet and the virtual IP address (all packets are > being received by the interface so when it sees one for it's own IP > addresses, it responds). However, when the interface is running VRRP and in > non-promiscuous mode I am unsure if the real IP and the virtual IP both > respond to pings. > > Final caveat: I have not tried any of this recently, so with my advice YMMV. > > Thanks, > > allan > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Stig > Thormodsrud > Sent: Thursday, December 13, 2007 12:23 PM > To: 'Daniel Stickney'; vyatta-users@mailman.vyatta.com; 'Daniel Stickney'; > vyatta-users@mailman.vyatta.com > > Subject: Re: [Vyatta-users] VRRP Confusion > > I wonder if this might be solved with the disable-vmac setting? > > stig > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:vyatta-users- > > [EMAIL PROTECTED] On Behalf Of Daniel Stickney > > Sent: Wednesday, December 12, 2007 2:47 PM > > To: vyatta-users@mailman.vyatta.com > > Subject: [Vyatta-users] VRRP Confusion > > > > Hello everyone, > > > > I used google to search the mail list archive, but didn't get any > > results for my issue. This is my second day working on the problem and > > my colleagues don't have any suggestions. This post is a little long, > > but I hope thorough enough to give all relevant information. > > Here is my setup: > > vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3 > > vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2 > > laptop01 - eth0:192.168.10.11 > > > > Laptop01 is connected to a switch, which also has cables from eth1 on > > both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and > > vyatta02 are connected into the main 192.168.2.0/24 network which has > > internet connectivity. With a base configuration of a default route to > > 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned > > to their respective network cards, I can ping 192.168.10.2 and > > 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01, > > and I can ping 192.168.10.3 from vyatta02. Basically, everything can > > ping everything. > > > > I then proceed to setup VRRP between vyatta01 and vyatta02 with the > > following config: > > --Vyatta02-- > > set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces > > ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces > > ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp > > priority 150 commit > > --Vyatta01-- > > set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces > > ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces > > ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp > > priority 20 commit > > > > So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as > > expected, I see in the output of "show vrrp" that vyatta02 considers > > itself the master, and vyatta01 sees itself as the backup. In a > > tcpdump from laptop01 I can see the VRRPv2 advertisements from > > vyatta02 every second. At this time from laptop01 I am unable to ping > > 192.168.10.1 or 192.168.10.2, but I can ping 192.168.10.3. The arp > > table on laptop01 shows the following: > > # arp -n > > Address HWtype HWaddress Flags > > MaskIface > > 192.168.10.3 ether 00:1A:A0:2A:04:0A > > C eth0 > > 192.168.10.1 ether 00:00:5E:00:01:0A > > C eth0 > > 192.168.10.2 ether 00:00:5E:00:01:0A > > C eth0 > > > > From vyatta01, I am also unable to ping 192.168.10.1 and 192.168.10.2. > > What is causing me great confusion is if on vyatta02 I login as root > > and execute a "tcpdump -i eth1", instantly my pings from laptop01 and > > vyatta01 to both 192.168.10.1 and 192.168.10.2 start getting responses. > > As soon as I ctrl-c the tcpdump on vyatta02,
Re: [Vyatta-users] VRRP Confusion
A thought here that may help cut through some of the confusion. I think that when you run tcpdump on the interface it places that interface into promiscuous mode. When in this mode, it can respond to pings to both the real IP address on the Ethernet and the virtual IP address (all packets are being received by the interface so when it sees one for it's own IP addresses, it responds). However, when the interface is running VRRP and in non-promiscuous mode I am unsure if the real IP and the virtual IP both respond to pings. Final caveat: I have not tried any of this recently, so with my advice YMMV. Thanks, allan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stig Thormodsrud Sent: Thursday, December 13, 2007 12:23 PM To: 'Daniel Stickney'; vyatta-users@mailman.vyatta.com; 'Daniel Stickney'; vyatta-users@mailman.vyatta.com Subject: Re: [Vyatta-users] VRRP Confusion I wonder if this might be solved with the disable-vmac setting? stig > -Original Message- > From: [EMAIL PROTECTED] [mailto:vyatta-users- > [EMAIL PROTECTED] On Behalf Of Daniel Stickney > Sent: Wednesday, December 12, 2007 2:47 PM > To: vyatta-users@mailman.vyatta.com > Subject: [Vyatta-users] VRRP Confusion > > Hello everyone, > > I used google to search the mail list archive, but didn't get any > results for my issue. This is my second day working on the problem and > my colleagues don't have any suggestions. This post is a little long, > but I hope thorough enough to give all relevant information. > Here is my setup: > vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3 > vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2 > laptop01 - eth0:192.168.10.11 > > Laptop01 is connected to a switch, which also has cables from eth1 on > both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and > vyatta02 are connected into the main 192.168.2.0/24 network which has > internet connectivity. With a base configuration of a default route to > 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned > to their respective network cards, I can ping 192.168.10.2 and > 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01, > and I can ping 192.168.10.3 from vyatta02. Basically, everything can > ping everything. > > I then proceed to setup VRRP between vyatta01 and vyatta02 with the > following config: > --Vyatta02-- > set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces > ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces > ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp > priority 150 commit > --Vyatta01-- > set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces > ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces > ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp > priority 20 commit > > So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as > expected, I see in the output of "show vrrp" that vyatta02 considers > itself the master, and vyatta01 sees itself as the backup. In a > tcpdump from laptop01 I can see the VRRPv2 advertisements from > vyatta02 every second. At this time from laptop01 I am unable to ping > 192.168.10.1 or 192.168.10.2, but I can ping 192.168.10.3. The arp > table on laptop01 shows the following: > # arp -n > Address HWtype HWaddress Flags > MaskIface > 192.168.10.3 ether 00:1A:A0:2A:04:0A > C eth0 > 192.168.10.1 ether 00:00:5E:00:01:0A > C eth0 > 192.168.10.2 ether 00:00:5E:00:01:0A > C eth0 > > From vyatta01, I am also unable to ping 192.168.10.1 and 192.168.10.2. > What is causing me great confusion is if on vyatta02 I login as root > and execute a "tcpdump -i eth1", instantly my pings from laptop01 and > vyatta01 to both 192.168.10.1 and 192.168.10.2 start getting responses. > As soon as I ctrl-c the tcpdump on vyatta02, the ping responses stop > again. > > If I reconfigure the VRRP priority of vyatta02 to be lower than > vyatta01, they change over to vyatta01 being the master, and vyatta02 > as the backup. At this time from laptop01 I am able to ping > 192.168.10.1, > 192.168.10.2 and 192.168.10.3. In a tcpdump on laptop01 I see the VRRP > advertisements coming from 192.168.10.3 as expected. The arp table on > laptop01 now looks like this: > # arp -n > Address HWtype HWaddress Flags > MaskIface > 192.168.10.3 ether 00:00:5E:00:01:0A > C eth0 > 192.168.10.1 ether 00:00:5E:00:01:0A > C
Re: [Vyatta-users] VRRP Confusion
I wonder if this might be solved with the disable-vmac setting? stig > -Original Message- > From: [EMAIL PROTECTED] [mailto:vyatta-users- > [EMAIL PROTECTED] On Behalf Of Daniel Stickney > Sent: Wednesday, December 12, 2007 2:47 PM > To: vyatta-users@mailman.vyatta.com > Subject: [Vyatta-users] VRRP Confusion > > Hello everyone, > > I used google to search the mail list archive, but didn't get any > results for my issue. This is my second day working on the problem and > my colleagues don't have any suggestions. This post is a little long, > but I hope thorough enough to give all relevant information. > Here is my setup: > vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3 > vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2 > laptop01 - eth0:192.168.10.11 > > Laptop01 is connected to a switch, which also has cables from eth1 on > both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and vyatta02 > are connected into the main 192.168.2.0/24 network which has internet > connectivity. With a base configuration of a default route to > 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned > to their respective network cards, I can ping 192.168.10.2 and > 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01, > and I can ping 192.168.10.3 from vyatta02. Basically, everything can > ping everything. > > I then proceed to setup VRRP between vyatta01 and vyatta02 with the > following config: > --Vyatta02-- > set interfaces ethernet eth1 vrrp vrrp-group 10 > set interfaces ethernet eth1 vrrp virtual-address 192.168.10.1 > set interfaces ethernet eth1 vrrp preempt true > set interfaces ethernet eth1 vrrp priority 150 > commit > --Vyatta01-- > set interfaces ethernet eth1 vrrp vrrp-group 10 > set interfaces ethernet eth1 vrrp virtual-address 192.168.10.1 > set interfaces ethernet eth1 vrrp preempt true > set interfaces ethernet eth1 vrrp priority 20 > commit > > So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as > expected, I see in the output of "show vrrp" that vyatta02 considers > itself the master, and vyatta01 sees itself as the backup. In a tcpdump > from laptop01 I can see the VRRPv2 advertisements from vyatta02 every > second. At this time from laptop01 I am unable to ping 192.168.10.1 or > 192.168.10.2, but I can ping 192.168.10.3. The arp table on laptop01 > shows the following: > # arp -n > Address HWtype HWaddress Flags > MaskIface > 192.168.10.3 ether 00:1A:A0:2A:04:0A > C eth0 > 192.168.10.1 ether 00:00:5E:00:01:0A > C eth0 > 192.168.10.2 ether 00:00:5E:00:01:0A > C eth0 > > From vyatta01, I am also unable to ping 192.168.10.1 and 192.168.10.2. > What is causing me great confusion is if on vyatta02 I login as root and > execute a "tcpdump -i eth1", instantly my pings from laptop01 and > vyatta01 to both 192.168.10.1 and 192.168.10.2 start getting responses. > As soon as I ctrl-c the tcpdump on vyatta02, the ping responses stop > again. > > If I reconfigure the VRRP priority of vyatta02 to be lower than > vyatta01, they change over to vyatta01 being the master, and vyatta02 as > the backup. At this time from laptop01 I am able to ping 192.168.10.1, > 192.168.10.2 and 192.168.10.3. In a tcpdump on laptop01 I see the VRRP > advertisements coming from 192.168.10.3 as expected. The arp table on > laptop01 now looks like this: > # arp -n > Address HWtype HWaddress Flags > MaskIface > 192.168.10.3 ether 00:00:5E:00:01:0A > C eth0 > 192.168.10.1 ether 00:00:5E:00:01:0A > C eth0 > 192.168.10.2 ether 00:14:6C:70:50:6B > C eth0 > > All systems can ping eachothers 192.168.10.x IPs at this time. > > In summary, I don't understand why when vyatta02 is master in the VRRP > group both its IP 192.168.10.2 and the VIP 192.168.10.1 it is holding > become unresponsive to pings. Then when a "tcpdump -i eth1" is run on > vyatta02 both of the previously unresponsive IPs start responding to > pings, then when the tcpdump is killed, the ping responses stop again. > In a tcpdump from laptop01 while pinging 192.168.10.1 while vyatta02 is > master and a tcpdump is not running, I can see the arp request and > reply, then icmp echo requests being sent, but no responses. > > 15:24:38.645141 arp who-has 192.168.10.1 tell 192.168.10.11 > 15:24:38.645304 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0a > 15:24:38.645327 IP 192.168.10.11 > 192.168.10.1: IC
[Vyatta-users] VRRP Confusion
Hello everyone, I used google to search the mail list archive, but didn't get any results for my issue. This is my second day working on the problem and my colleagues don't have any suggestions. This post is a little long, but I hope thorough enough to give all relevant information. Here is my setup: vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3 vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2 laptop01 - eth0:192.168.10.11 Laptop01 is connected to a switch, which also has cables from eth1 on both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and vyatta02 are connected into the main 192.168.2.0/24 network which has internet connectivity. With a base configuration of a default route to 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned to their respective network cards, I can ping 192.168.10.2 and 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01, and I can ping 192.168.10.3 from vyatta02. Basically, everything can ping everything. I then proceed to setup VRRP between vyatta01 and vyatta02 with the following config: --Vyatta02-- set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp priority 150 commit --Vyatta01-- set interfaces ethernet eth1 vrrp vrrp-group 10 set interfaces ethernet eth1 vrrp virtual-address 192.168.10.1 set interfaces ethernet eth1 vrrp preempt true set interfaces ethernet eth1 vrrp priority 20 commit So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as expected, I see in the output of "show vrrp" that vyatta02 considers itself the master, and vyatta01 sees itself as the backup. In a tcpdump from laptop01 I can see the VRRPv2 advertisements from vyatta02 every second. At this time from laptop01 I am unable to ping 192.168.10.1 or 192.168.10.2, but I can ping 192.168.10.3. The arp table on laptop01 shows the following: # arp -n Address HWtype HWaddress Flags MaskIface 192.168.10.3 ether 00:1A:A0:2A:04:0A C eth0 192.168.10.1 ether 00:00:5E:00:01:0A C eth0 192.168.10.2 ether 00:00:5E:00:01:0A C eth0 From vyatta01, I am also unable to ping 192.168.10.1 and 192.168.10.2. What is causing me great confusion is if on vyatta02 I login as root and execute a "tcpdump -i eth1", instantly my pings from laptop01 and vyatta01 to both 192.168.10.1 and 192.168.10.2 start getting responses. As soon as I ctrl-c the tcpdump on vyatta02, the ping responses stop again. If I reconfigure the VRRP priority of vyatta02 to be lower than vyatta01, they change over to vyatta01 being the master, and vyatta02 as the backup. At this time from laptop01 I am able to ping 192.168.10.1, 192.168.10.2 and 192.168.10.3. In a tcpdump on laptop01 I see the VRRP advertisements coming from 192.168.10.3 as expected. The arp table on laptop01 now looks like this: # arp -n Address HWtype HWaddress Flags MaskIface 192.168.10.3 ether 00:00:5E:00:01:0A C eth0 192.168.10.1 ether 00:00:5E:00:01:0A C eth0 192.168.10.2 ether 00:14:6C:70:50:6B C eth0 All systems can ping eachothers 192.168.10.x IPs at this time. In summary, I don't understand why when vyatta02 is master in the VRRP group both its IP 192.168.10.2 and the VIP 192.168.10.1 it is holding become unresponsive to pings. Then when a "tcpdump -i eth1" is run on vyatta02 both of the previously unresponsive IPs start responding to pings, then when the tcpdump is killed, the ping responses stop again. In a tcpdump from laptop01 while pinging 192.168.10.1 while vyatta02 is master and a tcpdump is not running, I can see the arp request and reply, then icmp echo requests being sent, but no responses. 15:24:38.645141 arp who-has 192.168.10.1 tell 192.168.10.11 15:24:38.645304 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0a 15:24:38.645327 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 1, length 64 15:24:39.644156 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 2, length 64 15:24:40.644125 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 3, length 64 15:24:41.644104 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 4, length 64 15:24:42.644064 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 5, length 64 15:24:43.644038 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id 43386, seq 6, length 64 Then if I start the "tcpdump -i eth1" on vyatta02 and start pinging 192.168.10.1 from laptop01, it gets responses to the icmp echo requests. 15:27:06.332838 arp who-has 192.168.10.1 tell 192.168.10.11 15:27:06.332983 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0