I wonder if this might be solved with the disable-vmac setting? stig
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:vyatta-users- > [EMAIL PROTECTED] On Behalf Of Daniel Stickney > Sent: Wednesday, December 12, 2007 2:47 PM > To: vyatta-users@mailman.vyatta.com > Subject: [Vyatta-users] VRRP Confusion > > Hello everyone, > > I used google to search the mail list archive, but didn't get any > results for my issue. This is my second day working on the problem and > my colleagues don't have any suggestions. This post is a little long, > but I hope thorough enough to give all relevant information. > Here is my setup: > vyatta01 - eth0:192.168.2.50, eth1:192.168.10.3 > vyatta02 - eth0:192.168.2.51, eth1:192.168.10.2 > laptop01 - eth0:192.168.10.11 > > Laptop01 is connected to a switch, which also has cables from eth1 on > both vyatta01 and vyatta02 connected. Eth0 on both vyatta01 and vyatta02 > are connected into the main 192.168.2.0/24 network which has internet > connectivity. With a base configuration of a default route to > 192.168.2.21 on both vyatta01 and vyatta02, and the above IPs assigned > to their respective network cards, I can ping 192.168.10.2 and > 192.168.10.3 from laptop01; and I can ping 192.168.10.2 from vyatta01, > and I can ping 192.168.10.3 from vyatta02. Basically, everything can > ping everything. > > I then proceed to setup VRRP between vyatta01 and vyatta02 with the > following config: > --Vyatta02-- > set interfaces ethernet eth1 vrrp vrrp-group 10 > set interfaces ethernet eth1 vrrp virtual-address 192.168.10.1 > set interfaces ethernet eth1 vrrp preempt true > set interfaces ethernet eth1 vrrp priority 150 > commit > --Vyatta01-- > set interfaces ethernet eth1 vrrp vrrp-group 10 > set interfaces ethernet eth1 vrrp virtual-address 192.168.10.1 > set interfaces ethernet eth1 vrrp preempt true > set interfaces ethernet eth1 vrrp priority 20 > commit > > So vyatta02 is the master, VIP is 192.168.10.1. Immediately, and as > expected, I see in the output of "show vrrp" that vyatta02 considers > itself the master, and vyatta01 sees itself as the backup. In a tcpdump > from laptop01 I can see the VRRPv2 advertisements from vyatta02 every > second. At this time from laptop01 I am unable to ping 192.168.10.1 or > 192.168.10.2, but I can ping 192.168.10.3. The arp table on laptop01 > shows the following: > # arp -n > Address HWtype HWaddress Flags > Mask Iface > 192.168.10.3 ether 00:1A:A0:2A:04:0A > C eth0 > 192.168.10.1 ether 00:00:5E:00:01:0A > C eth0 > 192.168.10.2 ether 00:00:5E:00:01:0A > C eth0 > > From vyatta01, I am also unable to ping 192.168.10.1 and 192.168.10.2. > What is causing me great confusion is if on vyatta02 I login as root and > execute a "tcpdump -i eth1", instantly my pings from laptop01 and > vyatta01 to both 192.168.10.1 and 192.168.10.2 start getting responses. > As soon as I ctrl-c the tcpdump on vyatta02, the ping responses stop > again. > > If I reconfigure the VRRP priority of vyatta02 to be lower than > vyatta01, they change over to vyatta01 being the master, and vyatta02 as > the backup. At this time from laptop01 I am able to ping 192.168.10.1, > 192.168.10.2 and 192.168.10.3. In a tcpdump on laptop01 I see the VRRP > advertisements coming from 192.168.10.3 as expected. The arp table on > laptop01 now looks like this: > # arp -n > Address HWtype HWaddress Flags > Mask Iface > 192.168.10.3 ether 00:00:5E:00:01:0A > C eth0 > 192.168.10.1 ether 00:00:5E:00:01:0A > C eth0 > 192.168.10.2 ether 00:14:6C:70:50:6B > C eth0 > > All systems can ping eachothers 192.168.10.x IPs at this time. > > In summary, I don't understand why when vyatta02 is master in the VRRP > group both its IP 192.168.10.2 and the VIP 192.168.10.1 it is holding > become unresponsive to pings. Then when a "tcpdump -i eth1" is run on > vyatta02 both of the previously unresponsive IPs start responding to > pings, then when the tcpdump is killed, the ping responses stop again. > In a tcpdump from laptop01 while pinging 192.168.10.1 while vyatta02 is > master and a tcpdump is not running, I can see the arp request and > reply, then icmp echo requests being sent, but no responses. > > 15:24:38.645141 arp who-has 192.168.10.1 tell 192.168.10.11 > 15:24:38.645304 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0a > 15:24:38.645327 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > 43386, seq 1, length 64 > 15:24:39.644156 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > 43386, seq 2, length 64 > 15:24:40.644125 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > 43386, seq 3, length 64 > 15:24:41.644104 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > 43386, seq 4, length 64 > 15:24:42.644064 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > 43386, seq 5, length 64 > 15:24:43.644038 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > 43386, seq 6, length 64 > > Then if I start the "tcpdump -i eth1" on vyatta02 and start pinging > 192.168.10.1 from laptop01, it gets responses to the icmp echo requests. > > 15:27:06.332838 arp who-has 192.168.10.1 tell 192.168.10.11 > 15:27:06.332983 arp reply 192.168.10.1 is-at 00:00:5e:00:01:0a > 15:27:06.333001 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > 45946, seq 1, length 64 > 15:27:06.333181 IP 192.168.10.1 > 192.168.10.11: ICMP echo reply, id > 45946, seq 1, length 64 > 15:27:07.331867 IP 192.168.10.11 > 192.168.10.1: ICMP echo request, id > 45946, seq 2, length 64 > 15:27:07.332146 IP 192.168.10.1 > 192.168.10.11: ICMP echo reply, id > 45946, seq 2, length 64 > > I have pasted the configurations of both vyatta01 and vyatta02 here: > http://pastebin.com/f3f7bae41 > > I would love to hear back any suggestions anyone has about what the > problem is and how I can get vyatt02 to respond normally to pings when > it is the master, just like how vyatta01 responds when it is the master. > > Thanks for your time, > Daniel > > -- > Daniel Stickney - Linux Systems Administrator > > _______________________________________________ > Vyatta-users mailing list > Vyatta-users@mailman.vyatta.com > http://mailman.vyatta.com/mailman/listinfo/vyatta-users _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
