[OpenIndiana-discuss] vrrp vip reachability
James Carlson
carlsonj at workingcode.com
Fri Mar 15 15:38:10 UTC 2013
On 03/15/13 11:21, Alessio wrote:
> So... all works as expected?
> No.
> If I try to ping the VIP from the server that is in the backup state, I
> can't reach such IP owned by the master server.
>
> Is such behavior by design? The VRRP implementation expects that the
> backup node cannot reach the VIP owned by the master one?

That doesn't surprise me much. I believe that's due to RFC 5798 section
6.4.2:

    6.4.2. Backup

    The purpose of the {Backup} state is to monitor the availability and
    state of the Master router.

    (300) While in this state, a VRRP router MUST do the following:
    [...]
       (340) - MUST NOT accept packets addressed to the IPvX address(es)
       associated with the virtual router.

Accepting those packets for delivery on the Backup could easily lead (at
least) to a forwarding loop, so it's a Bad Thing. Granted, a system
could (somehow) accept and deliver them from local sources while
refusing to forward them when they arrive from external sources, but
that's far harder to accomplish. Outbound packets to a single address
tend to look the same.

Interestingly, there is something unusual in what you described, and
that's this:

> If I shut down the Server01, the other one becomes the master, and I can
> continue to ping the VIP.

I don't believe that should work with normal VRRP. Section 6.4.3:

    6.4.3. Master
    [...]
       (650) - MUST accept packets addressed to the IPvX address(es)
       associated with the virtual router if it is the IPvX address owner
       or if Accept_Mode is True. Otherwise, MUST NOT accept these
       packets.

The default is supposed to be Accept_Mode == False, which is really the
right sort of behavior for a router. It sounds as if the system is
behaving as though Accept_Mode defaults to True.
--
James Carlson 42.703N 71.076W <carlsonj at workingcode.com>
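
The two RFC 5798 rules quoted in the message above, as an added example that is not part of the original message or of any VRRP implementation: it models rules (340) and (650) and works out which settings explain what was seen on one router. The function names and the `SERVER02` observation list are assumptions constructed from the thread's description.

```python
from itertools import product

def accepts_vip_packets(state, is_owner, accept_mode):
    """Whether a VRRP router accepts packets addressed to the virtual IP."""
    if state == "backup":
        return False                    # rule (340): Backup MUST NOT accept
    if state == "master":
        return is_owner or accept_mode  # rule (650): owner or Accept_Mode
    raise ValueError(f"unknown state: {state!r}")

def consistent_configs(observations):
    """Return every (is_owner, accept_mode) pair that explains the observations.

    observations: list of (state, vip_answered) tuples for ONE router.
    """
    seen_backup = any(state == "backup" for state, _ in observations)
    matches = []
    for is_owner, accept_mode in product((False, True), repeat=2):
        # RFC 5798 section 6.4.1: the address owner (priority 255) goes
        # from Initialize straight to Master, so a router that was seen
        # in Backup cannot be the owner.
        if is_owner and seen_backup:
            continue
        if all(accepts_vip_packets(state, is_owner, accept_mode) == answered
               for state, answered in observations):
            matches.append((is_owner, accept_mode))
    return matches

# Constructed from the thread: while Server02 was Backup the VIP did not
# answer from it (read in the reply as rule 340); after Server01 was shut
# down, Server02 became Master and the VIP answered pings.
SERVER02 = [("backup", False), ("master", True)]

if __name__ == "__main__":
    for is_owner, accept_mode in consistent_configs(SERVER02):
        print(f"is_owner={is_owner} Accept_Mode={accept_mode}")
```

The only pair left for `SERVER02` is a non-owner with Accept_Mode True, which is the conclusion the reply reaches.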